Networking :: 2 Mail Servers Behind Firewall?
Jul 21, 2010
I have 2 mail servers behind a Cisco firewall. Both mail servers have a different domain configured on them, but when I try to send emails from server1 to server2 they don't go, and I am also not able to receive emails between the two servers. After checking the logs I found that the two servers are not able to connect to each other on the SMTP port with the public IP.
I am not able to connect to any of my servers with the public IP behind the firewall.
May 18, 2010
I am learning to set up a firewall in my home; for that I have selected four systems (sys1, sys2 ... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
The IP assignments are as follows:
sys1 : ( fedora, not connected to firewall I am thinking, but I am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 : ( firewall, IPTABLES )
code....
What happened is that sys1 (not connected to the firewall) can ssh to sys4 (connected, inside the firewall), since the rules are written not to ssh from sys1 to sys4.
Then I came to know that whatever request I give goes directly as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering or processing anything for either inbound or outbound (I think it's my mistake somewhere). The requests are going directly inside without the firewall.
Jan 27, 2011
Which ports should be open for a mail server for INPUT CHAIN? When I use firewall rules (allow just a few ports), some users complain that they're not receiving messages from other domains. When the firewall is disabled these ports show as open:
Code:
Not shown: 9987 closed ports
PORT STATE SERVICE
21/tcp open ftp
[code]....
Which ports should be enabled?
May 6, 2010
My courier server cannot receive mail.
My FreeBSD installation has worked for quite some time w/o problems.
I'm using Ubuntu as a replacement and have tried using the same settings from my previous server.
I keep getting the following error.
courieresmtpd:
Aug 3, 2011
Our primary mail server is Exchange 2003 Standard on Windows Server 2003 Standard - don't shout at me; I inherited it already set up this way. I have a couple of hardware identical redundant servers (HP ML350 boxes), all with very fast 2 or 4 disk arrays, multiple core CPUs and plenty of memory, and I am looking at two potential new additions to the infrastructure.
A secondary mail server is high on my list of priorities. I've been well and truly bitten by Exchange in the past and given that this particular box has been running four years straight and that its mail store is dangerously large, having a secondary mail server in place suddenly makes a lot of sense.
A new Exchange 2010 box is currently being set up, but the secondary mail server will remain in place even when the new Exchange server is brought online, so this won't be a wasted exercise.... I also want a gateway box in place to filter and relay mail to the primary server, or to the secondary server if the primary is unavailable. Currently our outer perimeter is:
ISP supplied CISCO router
Draytek VigorPro 5510 UTM
Untangle running in bridged mode (primarily used for SPAM filtering, URL blacklisting, and very little else)
Exchange 2003 sits behind the Untangle box. This is how I want to end up:
CISCO >> Draytek >> Ubuntu gateway >> Exchange/secondary mail server
I know I could replace/remove the Draytek but I want it to remain for several reasons, including lots of VPN dial-in users already configured and that it offers us an additional layer of email antivirus scanning before things hit the Exchange box. No point switching all of our remote workers over to new tunnels unnecessarily...
I have done some research and have started testing a pilot secondary mail server using Ubuntu/postfix. DNS is properly set up and MX records and reverse PTR records are all present and correct, and things are looking encouraging so far. Before I go out over deep waters and start to flounder, has anyone who has done something like this got any obvious howlers I should be looking to avoid?
Aug 6, 2010
Two Exchange servers internally. One is set up for example.com (192.168.1.10) and the other is set up for example2.com (192.168.1.20). Both are behind a single public IP.
I want to use postfix to sit in front of the two exchange servers. Postfix will accept mail for both domains and relay to the appropriate server. I have postfix installed with only defaults at this point.
Jun 30, 2011
I set up my mail server using the guide here: [URL]. I am able to receive mail, I can send mail locally, but I can't send to external addresses. This is in my mail.log:
Quote:
Jun 30 14:40:43 Server postfix/smtp[10725]: 2FD9322015BF: to=<myemail@gmail.com>, relay=none, delay=1634, delays=1484/0.02/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[74.125.65.27]:25: Connection timed out)
This is my main.cf:
[Code]...
Jan 12, 2011
The scenario: We have an external server that runs HTTP/DB servers for our shop system. Then, there's our local, in-house infrastructure that runs a.. yeah... Exchange 2010. The shop system on the external server needs to send mails to customers (order confirmations, invoices, etc.). Seeing as sending them directly through the local MTA (Postfix) would cause mail delivery problems because of reverse DNS issues, I've set the Postfix MTA to act as a satellite to our in-house Exchange Server, so the Exchange sends the mail instead, giving recipient mail servers a valid reverse DNS lookup.
Now, mails sent by the (proprietary, uneditable) shop system are relayed correctly and sent to the target e-mail address. My problem is: Mails not sent by the shop system, but by our own PHP scripts which run on that same external server, are NOT relayed properly. So the Exchange is fine with the mails sent by the shop system, but not the mails sent by our scripts. This is what I get in the mail.log: The successfully relayed mail sent by the shop system:
[Code]....
Nov 3, 2010
I have a problem related to postfix. I want to migrate a postfix mail server to an Exchange 2010 mail server but I can't do it. Can you help me? Can you show me how to configure postfix and Exchange?
Mar 10, 2011
How do I make a local mail server that itself is a client to a WAN mail server? I want the local mail server to query new mail every 30 minutes from the WAN server.
Apr 20, 2010
I use Evolution mail and use 2 PCs. When I send mail it saves it to my current PC but not to the other PC, so instead I want it to save the sent mail to the email server I'm using.
Mar 30, 2011
I have a server which has my site on it. The server has a public IP and the site works fine. The things that I have done to enable the mail server are:
1. Select the sendmail option as mail server (in Joomla).
2. Install and configure sendmail on the server (which has Ubuntu installed on it).
If I use my website locally the mail server works fine, I can send and receive messages, but when I use the web site from the Internet the mail server seems not to be working at all.
May 26, 2010
I handle several hundred domains. Mails are handled with Google Apps (but previously I used to have a full postfix/courier setup with virtual hosting). Now what I need is to be able to send mail (newsletters etc...) from my web servers, but I don't need to receive mail on these servers.
Feb 18, 2011
How do I get my firewall up and running to secure the ubuntu servers.. I have 2x network cards & 1x pppoe connection atm.
eth0 192.168.1.200 / eth1 192.168.0.200
and the ppp0 connection
iptables looks like this so far.
# Generated by iptables-save v1.4.4 on Thu Dec 9 11:12:04 2010
*nat
:PREROUTING ACCEPT [108:8763]
:OUTPUT ACCEPT [52:3594]
:POSTROUTING ACCEPT [111:10071]
COMMIT .....
As far as I can see my ppp0 connection is open atm & I would like to close off any traffic except ports 80 10000 5900 21 & 22.
May 5, 2010
I have a computer which has a public IP. My ISP has allowed only port 22 for my machine to be accessed from outside on the internet. I want the rest of my computers which are connected to this machine to be accessible via SSH on the internet. I can configure IPTABLES to route different ports to internal machines, but since the ISP has given only one port for the gateway, how can I go about it? Any guesses? I came across something called reverse SSH tunneling, but that has to keep the connection alive all the time at the gateway. I want my trusted people to be directly able to access the machines on the LAN on which they have an account to log in, in this scenario.
Aug 9, 2010
My ISP gave me a router which has wifi.
I added an Ubuntu box acting as a router, so the layout is this:
Now, the LAN has the 192.168.2.0 subnet, and the external interface of the router is in the 192.168.1.0 subnet.
So the problem is that the wifi assigns 192.168.1.0 IPs which don't belong to or get filtered through my router/firewall...
Nov 30, 2010
I am having a little trouble setting up a NAT firewall using iptables. I have 1 PC dedicated to being the firewall running Ubuntu 10.04 LTS. There are 2 NICs in this PC. One NIC is connected to the modem & the other is hooked into my router, sharing the connection through to the other PC on my LAN. Thing is that I am having troubles setting this up using iptables. I have it sharing the connection, but can't seem to make it forward 2 ports through to my webserver on the LAN. I am also wanting to setup init.d to control iptables. I have been trying to google this, but haven't found anything useful to get this accomplished. I put the following into rc.local to make the forwarding work:
/sbin/iptables -F
/sbin/iptables -N block
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
/sbin/iptables -A block -j LOG
/sbin/iptables -A block -j DROP
/sbin/iptables -A INPUT -j block
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
Jan 5, 2010
I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?
Here's our setup:
1. The Server's Configs:
2. sudo gedit /etc/squid/squid.conf
3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)
4. Server NOT a DHCP Server
5. No other iptables rules are configured, just the above ones.
Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.
Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".
Quote:
How to block torrent downloading by using a Firewall? Or is there another "simple" way?
I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.
I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.
I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.
I know I will be the most "uncool" employee in our office.
Jul 26, 2010
I am having trouble getting ports to open. On the router that the server is connected to, it is set to DMZ, so everything passing through the router should go to the server, right? But when I use a port checker none of the ports that I need to be open are. So my question is: does Ubuntu have a built-in firewall that no one told me about, or something that would block me from having the ports open?
Sep 8, 2010
I have a Linux server set up on a network with 2 interfaces. One (eth0) is connected to the regular network and the other (eth1) has a DHCP server and transparent web cache listening on it. The machines connected on the eth1 side are on a different subnet and the Linux server is their gateway. Untrusted machines are introduced to this network to keep them isolated.
This isolation works well, too well. There are a small set of resources on the regular network I would like to make available to machines on the untrustworthy network. I think I need to use iptables but alas I've had no luck in piecing together the command I need (in one case locking myself out and having to physically reset the machine).
Jul 20, 2011
So what I want to do is set up a gateway (or router, idk what Ubuntu refers to it as). So my setup would be Modem > Server > Switch > Router. I know that I need to set it up as a DHCP server as well. I would also like to set it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldn't figure that out either.
Jan 3, 2011
I currently want to set up a network with 2 Ubuntu servers (mail and web) in a DMZ in order to separate them from an internal network. I want to use a dedicated Linux firewall. This firewall will have 3 network interfaces on it. One network interface will connect to the external router/modem (router and modem in one box), one interface will connect to the DMZ and the other interface will connect to the internal network. The router/modem lets you put, I think it's 1 or 2, interfaces in a DMZ.
But, when I think of any of the dedicated firewall's or servers' interfaces it doesn't make sense to me to put any of them in the router/modem's DMZ (I think it would be better for the dedicated firewall's and the servers' interfaces to have static private IPs, i.e. 192.168.2.4 etc., right?). What I mean is that even if, as far as the router/modem is concerned, none of the interfaces were in a DMZ, the area where the servers are would still effectively be a perimeter network and with such a setup would still be, effectively, a DMZ, right?
Jan 25, 2011
I will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible. My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP) workstations, using diskless workstations to boot the VMs over powerline ethernet. The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.
In theory, the above would allow me to consolidate everything but the diskless workstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM). Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW--in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).
Jan 17, 2010
Currently I have a syslog server that consolidates firewall logs on port 514 UDP. I also have an IDS device whose logs I wish to push to this particular syslog server so that I can retrieve my IDS logs on this server as well.
Is it possible to do so? Having syslog listening on port 514 for both firewall and IDS logs? If it is possible, will the logs be recorded in a single log file? Or will they be recorded in separate log files, i.e. firewall.log, IDS.log etc.? I wish to have them in separate individual log files or else there will be a hard time segregating the log entries in a single file. Can anyone advise on how to achieve this?
Jan 29, 2010
I have a server on my router on the DMZ. All outside traffic goes to it. This server has Apache running and the domain mysite.com resolves to the DMZ web server. I have a second server on the LAN that also has Apache running. I want to set up another domain, myothersite.com, to resolve to the second server on the LAN. Since the main server is on DMZ I have the DNS A records for myothersite.com pointing to the public IP that the DMZ is on.
How do I get myothersite.com to resolve to the second webserver on the LAN? What configuration do I need to do on my DMZ server so it routes traffic for myothersite.com to the other server on the LAN? Do I use BIND DNS? If so please advise on how to set that up. BIND DNS seems confusing and I am having trouble knowing how to configure it. Is there another option besides BIND?
Apr 19, 2011
I want to set up Ubuntu Server as a firewall in which I want to direct my internet connection through where Ubuntu Server will block, filter, and monitor anything that come into either three of my computers using the same internet connection. Is this easy to do? sum up the steps that I will have to go through to establish this, and any relevant information, and where I might be able to find necessary information etc. I plan to use ubuntu-10.04.2-server-i386.
Feb 9, 2010
My scenario is similar to this person's scenario: http:[url]...... Here at the clinics, we already have established leaf/shorewall firewalls. Our domain controllers are win2k3 boxes. I've installed ubuntu 9.10 on a sound desktop/server and installed two nics inside that box. How do I make Dansguardian talk to our domain controllers, and give users access to the internet via established groups? What would be the best way to do this?
Aug 1, 2010
If this gets moved I apologize for putting it in the wrong place...
Purpose of server: RED GREEN ROUTER for SOHO or PARENTAL CONTROL
Block known bad URL,IP... ie porn, malware, ads, others
Block Good URL,IP if Desired by OWNER
Scan mail protocols for viruses out and in if out is found log and mail MASTER
POSSIBILITY??? scan all protocols in and out for viruses n block log out block log and mail MASTER
a server build log and possibly a step by step assist for new users.
Version of ubuntu server 10.04
Hardware Gateway Pentium 4 2 network cards
Use of server RED GREEN ROUTER FIREWALL that blocks site list from shalla and my own list. general use would be for SOHO or Parental control
pick language...pick it again???...country...no...country for kb...kb layout...eth0(as RED)me it...timezone...HDD choice(i used guided-use entire disk)...user...proxy if needed(not for RED GREEN ROUTER!!!)...updates(i picked auto)...LAMP,openssh, mail server ...sqlpassword...grub...done
then
login as user/pass created in install
run following
[code]...
Jun 10, 2011
I installed Ubuntu Server and got it set up, and I'm trying to install shorewall as a firewall, but whenever I do sudo apt-get install shorewall I get a package not found error.
Mar 25, 2011
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.