
Posts posted by johanl

  1. I'm already behind a hardware firewall (Netgear router) but would it still be beneficial for me to run a software firewall as well?

     

    I have a Zyxel router with a built-in firewall, and it never lets me down. I used to have ZoneAlarm on my Windows PC, but no intrusion detection ever occurred.

  2. I was wondering if somebody downloaded and installed the Open-Xchange 0.7.0 server? And if so, what client mail program can you use with it? Is there any Outlook-similar program to use with Open-Xchange?

  3. Well, I've got some advice for you. First of all, it would be best if you install (if it hasn't already been installed yet) Webmin.

    You can then configure your server using a web browser. Go to https://server's ip address:10000 and the Webmin page should come up asking you to login as root. With Webmin you can easily check all the log files (you can find them on the System tab), and log files could tell you more about a possible hack attempt.

     

    Also, most routers have a built-in firewall; my Zyxel has one and it actually works pretty well.

  4. I'm also having a problem with my wireless connection. Let me explain my config a bit.

    I got eth0 (internal NIC) which has the address 192.168.117.xxx. My eth1 is my wifi card, it has 10.0.1.xxx as its address, which is in the same range as my home network. Ok, link is up and running, I can ping my wireless AP, my ADSL router, my server etc. but I have to change the broadcast address on eth1 with ifconfig eth1 broadcast 10.0.1.255 or else I can't.

    But when I try to ping a website, it says ping: unknown host yahoo.com. When I try to ping an internet IP address I get connect: Network is unreachable. The gateway for my computer is set to my ADSL router, but it just doesn't seem to act as a gateway for my wifi connection; for the rest of the network it does, of course. Any suggestions?

  5. I've just got my Asus wl100-g card to work in my laptop (finally) only I don't like the configuring part with iwconfig. Is there a GUI tool for KDE available to configure wireless settings like ESSID, encryption, channel etc.?

  6. Do you have an Asus WL100-G PCMCIA card? I recognize the Broadcom chipset you mention although I am not sure if my Asus card has exactly the same chipset, but I think so.

     

    What I've used to get my card to work is Linuxant's Driverloader (www.linuxant.com), it was a bit of a struggle but now I almost got it working the way I want to. I think you should give it a try, it costs $19,95 but you can try it out for 30 days and their support is pretty fast in case you get stuck.

  7. Well now my server accepts SMTP connections, only Postfix doesn't really know what to do with it... When I try to send an email to myself from my office, this is what comes into my root mailbox:

     

    Out: 220 ravenrealm.demon.nl ESMTP Postfix (20010228)
    In: EHLO mail.xxx-xxx.nl
    Out: 250-ravenrealm.demon.nl
    Out: 250-PIPELINING
    Out: 250-SIZE 10240000
    Out: 250-VRFY
    Out: 250-ETRN
    Out: 250 8BITMIME
    In: MAIL FROM:<johan.xxxxxxx@xxx.com> SIZE=1361
    Out: 250 Ok
    In: RCPT TO:<johan@ravenrealm.net>
    Out: 451 <johan@ravenrealm.net>: Temporary lookup failure
    In: QUIT
    Out: 221 Bye

     

    Here's a link to my main.cf...

    main.cf

  8. Ok, I removed my firewall from the network, now my router forwards specific ports to my web/mailserver. And now, it does not accept SMTP connections from outside!

     

    However, when I go to my website from the office, it loads. So port 80 is being forwarded correctly, and being accepted by my server. Port 25 and 110 are not, I can not telnet domain 25/110 to it. Any idea?

  9. It seems to me you don't have the same problem as I had. What I understand from your story is that you can receive emails fine on your system from other people, but when you try to send emails your messages get rejected by the other server. Right? So incoming SMTP connections (port 25) go through to your server and you receive mails. But when you send mails through that same server, it has to make an outgoing connection on port 25 directly to another SMTP server.

     

    If this is correct so far, you can try setting up Postfix to send mail through your ISP's SMTP server, and see if it works then.

  10. Ok, after rebooting the Postfix server it works! I think maybe setting inet_interfaces=all might have done the trick. I did a postfix reload after changing that line (it was commented with a #) but that apparently wasn't enough.

     

    Now only to get my firewall forwarding to that pc... ;)

     

    thread

  11. iptables is not installed on my Postfix server, so I guess that can't block port 25. However, when I do a telnet 192.168.117.156 25 on that Postfix server, it doesn't work, could it be my firewall PC not allowing that? I can't think of something else.

     

    And when I do a telnet 192.168.117.156 80 from my firewall (to my Postfix PC) it works, Apache2 "answers". So why doesn't Postfix answer?

  12. Interesting, I can connect to the postfix server from the same machine, so:

     

    telnet 127.0.0.1 25

     

    I can also connect to the firewall from that pc...

    I went to Mandrake Control Center, and then to Security - Level and Checks.

    There the machine is set to Standard and the description for that level is that it's best when the computer only connects to the internet as a client. Should I change it to Poor since I have a firewall?

  13. Well, my firewall is running SuSE 9.0, there is no sysctl.conf on that system.

     

    I also did this:

     

    iptables --table nat -I PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.117.156

     

    But it didn't make any difference. The new rules (tcp and udp) are above the older ones where I used eth0.

  14. Ok, I did it with the -I PREROUTING without giving it a number though, and when I do an iptables -nvL -t nat I get this:

     

    abbath:/ # iptables -nvL -t nat
    Chain PREROUTING (policy ACCEPT 1143K packets, 51M bytes)
    pkts bytes target     prot opt in     out     source               destination 
       0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:80 to:192.168.117.156
       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 to:192.168.117.156
    
    Chain POSTROUTING (policy ACCEPT 9951 packets, 1367K bytes)
    pkts bytes target     prot opt in     out     source               destination 
    13102 1193K MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0  
    
    Chain OUTPUT (policy ACCEPT 27740 packets, 3290K bytes)
    pkts bytes target     prot opt in     out     source               destination

     

    Does this look good? Because it still doesn't work... and the PC does accept telnet ip 80...

     

    In my firewall, eth0 is my internal network card and eth1 the external network card, connected to my DSL modem/router which forwards everything to the ip of the external interface.
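
A check on the listing in the post above, as an added example that is not part of the original post: it reads `iptables -nvL -t nat` output and reports, for each PREROUTING DNAT rule, whether the `in` interface equals the interface given as external (eth1 in this post) and whether the packet counter is still zero, meaning no packet has matched the rule yet. The function names and verdict labels are assumptions; the sample is the post's listing, trimmed and embedded so the script runs offline.

```shell
#!/bin/sh
# Constructed sample: PREROUTING/POSTROUTING part of the listing quoted in the post.
sample_nat_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 1143K packets, 51M bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:80 to:192.168.117.156
   0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 to:192.168.117.156

Chain POSTROUTING (policy ACCEPT 9951 packets, 1367K bytes)
pkts bytes target     prot opt in     out     source               destination
13102 1193K MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
EOF
}

# audit_dnat EXT_IF (hypothetical helper): reads the nat table listing on stdin
# and prints "proto dport in-interface packets verdict" per PREROUTING DNAT rule.
#   IF_MISMATCH  rule matches packets received on an interface other than EXT_IF
#   NO_HITS      interface matches, but the counter shows no packet has hit the rule
#   OK           interface matches and the rule has been hit
audit_dnat() {
    awk -v ext="$1" '
        /^Chain / { chain = $2; next }            # remember which chain we are in
        chain == "PREROUTING" && $3 == "DNAT" {
            dport = "-"
            for (i = 10; i <= NF; i++)            # match options follow the destination
                if ($i ~ /^dpt:/) dport = substr($i, 5)
            if ($6 != ext)      verdict = "IF_MISMATCH"
            else if ($1 == "0") verdict = "NO_HITS"
            else                verdict = "OK"
            print $4, dport, $6, $1, verdict
        }'
}

# Stand-alone run against the embedded sample, with eth1 as the external interface.
sample_nat_listing | audit_dnat eth1
```

On a live firewall the input would be `iptables -nvL -t nat | audit_dnat eth1`, run as root.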

  15. I've set the inet_interfaces = all in the main.cf, refreshed postfix, but it still says Connection refused. If I do a telnet ip 110 it does work, the POP3 server answers.

     

    Telnet is not installed by default with Mandrake 10 I noticed, so I can't test that...

  16. And Postfix is running I checked that with postfix reload

     

    Yes, it is running. The PC running Postfix only has one network interface, but it does have to be visible on the internet. My firewall is set up to forward port 25 to that PC. However it doesn't even accept telnet on port 25 from my inside network.

  17. Hello everyone,

     

    I got a little problem with getting ports forwarded with iptables. On a different forum, someone told me that

     

    iptables  --table nat  -A PREROUTING  -i internalinterf  -p tcp  \
             --dport portnr.  -j DNAT --to internalip

     

    should do the trick. However, my firewall does not forward anything at all...

    When I do an iptables -L, I get a listing of my active rules as far as I know? Anyway, I don't see any port forwarding rule in there. Am I doing something wrong?
