re: port forward question

[Mike Hoskins <mike () adept org>]

Date: Wed, 30 Apr 2003 08:05:43 -0400
From: "Robert E. Martin" <rmartin () fishburne org>
Subject: [fw-wiz] port forward question
> I have a web server inside a port fw box. This is a NAT box that runs
> iptables to allow port forwarding to a web server. I want to run a form
> script on the web server....formmail.cgi. The web server is a linux box
> with sendmail. Should I have port 25 open to the world to allow this
> form to work? I am kind of new to this so be gentle.

Make sure you keep up to date with formmail.cgi.  It's fairly notorious,
at least historically...  And checking the script's website,

http://www.scriptarchive.com/formmail.html

"SECURITY UPDATE ... UPGRADE IMMEDIATELY" is the first thing I see.
Granted, I see that on a lot of pages these days.  ;)

> I suppose the real question here is , How do I allow sendmail to _send_
> _mail_ from a dnat'd web server?

I've got mail hosts that only need to send in a few places... development,
integration and QA networks for example.  All of them sit behind NAT
devices.  Some just get translated through PIX globals (PAT) and others
have static NAT entries...  But none of them have port 25 open to the
'Net.  So if you just want to send mail, you'll need an appropriate MTA
and a network connection with DNS servers capable of finding MX records
for the domains you wish to contact.

-mrh

--
From: "Spam Catcher" <spam-catcher () adept org>
To: spam-catcher () adept org
Do NOT send email to the address listed above or
you will be added to a blacklist!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards