[fw-wiz] re: port forward question

From: Mike Hoskins (mike_at_adept.org)
Date: 04/30/03

  • Next message: Barney Wolff: "Re: [fw-wiz] re: ipfw Configuration (Newbie Question)"
    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 30 Apr 2003 13:36:31 -0700 (PDT)

    Date: Wed, 30 Apr 2003 08:05:43 -0400
    From: "Robert E. Martin" <rmartin@fishburne.org>
    Subject: [fw-wiz] port forward question
    > I have a web server inside a port fw box. This is a NAT box that runs
    > iptables to allow port forwarding to a web server. I want to run a form
    > script on the web server....formmail.cgi. The web server is a linux box
    > with sendmail. Should I have port 25 open to the world to allow this
    > form to work? I am kind of new to this so be gentle.

    Make sure you keep up to date with formmail.cgi. It's fairly notorious,
    at least historically... And checking the script's website,


    "SECURITY UPDATE ... UPGRADE IMMEDIATELY" is the first thing I see.
    Granted, I see that on a lot of pages these days. ;)

    > I suppose the real question here is , How do I allow sendmail to _send_
    > _mail_ from a dnat'd web server?

    I've got mail hosts that only need to send in a few places... development,
    integration and QA networks for example. All of them sit behind NAT
    devices. Some just get translated through PIX globals (PAT) and others
    have static NAT entries... But none of them have port 25 open to the
    'Net. So if you just want to send mail, you'll need an appropriate MTA
    and a network connection with DNS servers capable of finding MX records
    for the domains you wish to contact.


    From: "Spam Catcher" <spam-catcher@adept.org>
    To: spam-catcher@adept.org
    Do NOT send email to the address listed above or
    you will be added to a blacklist!
    firewall-wizards mailing list

  • Next message: Barney Wolff: "Re: [fw-wiz] re: ipfw Configuration (Newbie Question)"