If you use the ipchains (resp. iptables) tool for network filtering, the appropriate rules are as follows.
Kernel 2.2.X:
ipchains -I INPUT -p tcp -s 192.168.1.0/24 -d 0.0.0.0/0 25 \
-j REDIRECT 2525
Kernel 2.4.X:
iptables -I PREROUTING -t nat -p tcp -s 192.168.1.0/24 --dport 25 \
-j REDIRECT --to-ports 2525
All traffic from the local network to port 25 now arrives at nod32smtp, which you can verify in the module's log output. Note
that with this setting port 2525 is an open relay: nod32smtp accepts every connection that arrives on port 2525, including
connections from outside the local network, and forwards it to port 25 over the loopback interface, where the MTA treats it
as local communication and therefore does not apply its relay restrictions. Close this hole by blocking all traffic to port
2525 except from the local network. Use the following ipchains (resp. iptables) rule to do so; insert it ahead of any rule
that accepts the traffic, which is what the -I option does.
Kernel 2.2.X:
ipchains -I INPUT -p tcp -s ! 192.168.1.0/24 -d 0.0.0.0/0 2525 \
-j REJECT
Kernel 2.4.X:
iptables -I INPUT -p tcp -s ! 192.168.1.0/24 --dport 2525 \
-j DROP
BSD systems use ipfw for network filtering, together with the natd daemon for port redirection. On BSD, the corresponding
rule for redirecting traffic from the LAN that arrives on port 25 to port 2525 is as follows.
natd -interface xl0 -redirect_port tcp 192.168.1.10:2525 25
where xl0 is the network interface of the server with IP address 192.168.1.10. To pass the traffic on that interface through
natd, add the following divert rule to the ipfw firewall.
/sbin/ipfw add divert natd all from any to any via xl0
For the ipfw firewall and the natd daemon to work, the BSD kernel has to be compiled with the options IPFIREWALL and
IPDIVERT. In addition, the following options have to be set in '/etc/rc.conf'.
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
As in the Linux case, all traffic to port 25 now arrives at nod32smtp (check the module's log output), and port 2525 is an
open relay: nod32smtp accepts any connection to port 2525, including from outside the local network, and hands it to the MTA
over the loopback interface, where it passes as local traffic that the MTA's relay rules do not reject. Block all traffic to
port 2525 except from the local network with the following ipfw rule. Two points about rule order: firewall_type="OPEN"
ends the ruleset with a pass-all rule numbered 65000, and a plain ipfw add appends after the highest existing rule, so give
both the divert rule and this deny rule explicit numbers below 65000, with the divert rule first so that the deny rule is
evaluated after natd has rewritten the destination port. Also note that the natd redirection above is not restricted by
source address, so a connection from outside to port 25 on xl0 is redirected to 2525 as well and is then dropped by this
rule; that matters if this host is also meant to receive mail from outside on xl0.
ipfw add deny tcp from not 192.168.1.0/24 to 192.168.1.10 2525 via xl0
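The following script is the check you would run after applying either the Linux or the BSD rules above. It is an added example, not part of the NOD32 manual or of the nod32smtp module. Run it from a host outside 192.168.1.0/24 against port 2525 of the server: it connects, then issues MAIL FROM and RCPT TO for two domains that are foreign to the MTA and never sends DATA. A result of "open" means the relay hole described above is still reachable from outside, "unreachable" means the REJECT/DROP/deny rule blocks the port, and "closed" means the port answers but the MTA behind it refuses to relay. The probe addresses are assumptions; the fake MTA in the block is constructed only so the probe can be exercised offline.

```python
"""Probe whether a redirected SMTP port (e.g. nod32smtp on 2525) relays mail.

Added example, not part of the NOD32 manual. Run from a host OUTSIDE the
local network the firewall rule allows: "open" = the port relays for
outsiders, "unreachable" = the firewall rule blocks it, "closed" = the MTA
behind the port refuses relaying.
"""
import smtplib
import socket
import socketserver
import threading

# Assumed probe addresses: neither domain is local to the MTA under test,
# so a 250 on RCPT TO means the server would relay for anyone.
PROBE_FROM = "probe@example.net"
PROBE_RCPT = "victim@example.org"


def check_relay(host, port, mail_from=PROBE_FROM, rcpt_to=PROBE_RCPT, timeout=5):
    """Return "open", "closed" or "unreachable" for the SMTP listener at host:port."""
    try:
        # local_hostname avoids a reverse DNS lookup for the EHLO argument.
        with smtplib.SMTP(host, port, local_hostname="probe.example.net",
                          timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            code, _ = smtp.mail(mail_from)
            if code != 250:
                return "closed"
            code, _ = smtp.rcpt(rcpt_to)
            # Relay check only: DATA is never sent, so nothing is delivered.
            return "open" if code == 250 else "closed"
    except (OSError, smtplib.SMTPException):
        # Connection refused, silently dropped (timeout) or protocol failure.
        return "unreachable"


class _FakeMTA(socketserver.StreamRequestHandler):
    """Constructed minimal SMTP responder used to exercise check_relay offline."""

    def handle(self):
        self.wfile.write(b"220 mta.example.test ESMTP\r\n")
        while True:
            line = self.rfile.readline()
            if not line:
                break
            cmd = line.strip().upper()
            if cmd.startswith((b"EHLO", b"HELO")):
                self.wfile.write(b"250 mta.example.test\r\n")
            elif cmd.startswith(b"MAIL FROM"):
                self.wfile.write(b"250 2.1.0 OK\r\n")
            elif cmd.startswith(b"RCPT TO"):
                # relay_allowed models the open-relay situation from the manual.
                if self.server.relay_allowed:
                    self.wfile.write(b"250 2.1.5 OK\r\n")
                else:
                    self.wfile.write(b"554 5.7.1 Relay access denied\r\n")
            elif cmd.startswith(b"QUIT"):
                self.wfile.write(b"221 2.0.0 Bye\r\n")
                break
            else:
                self.wfile.write(b"502 5.5.2 Command not implemented\r\n")


def start_fake_mta(relay_allowed):
    """Start the fake MTA on 127.0.0.1 with an ephemeral port; return (server, port)."""
    server = socketserver.TCPServer(("127.0.0.1", 0), _FakeMTA)
    server.relay_allowed = relay_allowed
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def unused_port():
    """Reserve and release an ephemeral port, so a probe against it is refused."""
    with socket.socket() as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    import sys
    # Usage: python check_relay.py 192.168.1.10 2525   (run from outside the LAN)
    print(check_relay(sys.argv[1], int(sys.argv[2])))
```

Probing from a host inside 192.168.1.0/24 is expected to report "open", since that is the traffic the redirect is for; the firewall rule is only doing its job when the same probe from outside reports "unreachable".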
chapter 4 / Integration with E-mail Messaging System