Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troublshooting => General Networking Support in Linux => Topic started by: Mba on March 19, 2004, 12:44:00 PM
-
I have implimented a squid HTTP cache server on a RedHat 9.0 machine for my ISP running WCCP , so my edge router redirects all incoming packets to the server. We have a mail server on the network with a public IP address and our e-mail clients sitting on other networks cannot access the mail server. This has limited SMTP and POP3 access to only clients sitting on our network.
Please, l will greatly appreciate your assistance in solving this problem. Can it be that I need to issue some comands to modify my iptables?
Pleaase help
Mba Ijere :wink:
-
You can use smtp and pop port forwarding on your router if it is a computer.. otherwise..
Please give little more description..
-
I read your reply to my first mail and I think I have to give a more detailed explanation of the problem. I implimented a SQUID HTTP proxy server for my ISP using WEBMIN and enabled WCCP on it and the edge router so that all packets into our network will be reditected to the SQUID server for caching. I also configured the server to do transperent proxing and implimented the redirecting rule;
iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
to direct all http packets on port 80 to port 3128 that squid uses.
The server was up and running. But I soon started getting complains from our e-mail clients on different networks outside our network ( 80.x.x.x) that they couldnt access their mails on http://mail.a*****.com. Infact when they try to open the page it returns a , " Page cannot be displayed" message. But they can access their mails through Outlook Express. I must point out to you that this mail server sits on our network ( 80.x.x.x). I would very much appreciate your assistance. Thanks
Mba
-
well.. it is little unclear.. but can you tell me that are people outside ur network are able to access http://www.a*****.com ?
BTW.. have you tried that people outside your network are able to access others resource not just the mail domain ?
-
Hi,
Thanks for your quick response. The only internal resource on our network that people need to access from outside is the mail server with the http link i gave you ( not the real link though). And they come in when the SQUID server is turned off. So I feel there an iptables command that I have to issue on the SQUID server to allow them to the mail server. Please I stand corrected if I am wrong.
Mba
-
Ahh..
I got it .. Actually you are trying to give access to your mail.xxxxxx.com which is behind proxy so wht you need is to allow users from src 0/0 to access mail.xxxxx.com in your network and thus your problem should be solved.
Try this..
acl maildomain mail.xxxxx.com
acl allow maildomain all
here all is your 0.0.0.0/0.0.0.0 ie whole internet as it should be already defined in your acl . I am little unsure here that is do squid read 2nd line as maildomain OR all .. maildomain AND all
BTW.. implement it and check it that people outside the network are not able to access any other resource then the domain ..