Help with configuration

Hello,
Could someone help me with the configuration? I’m concerned mainly about the stateful firewall settings.

Sorry for my bad English.

What is the problem?

Can you post your current config (export compact) so we can review what you have?

A simple, straightforward firewall setup would be:

  • accept all input from eth2 and eth3
  • do masquerade on eth1
  • forward all from eth2 and eth3
  • forward established + related from eth1
  • dnat incoming icmp, smtp (tcp/25), pop3 (tcp/110), imap (tcp/143), http (tcp/80), https (tcp/443) from eth1 to server IP
    (you probably need udp/53 dnated also for server’s DNS service)
  • drop anything else

Fine-tune later for hairpin for the internal network (dnat from eth3 to public ip to server ip).

marius
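
The rule list from the post above, written out as a RouterOS `/ip firewall` script. This is an added example, not part of the thread: it assumes the router runs RouterOS (the thread asks for `export compact`), and the server address 192.168.2.10 and public address 203.0.113.10 are constructed placeholders.

```routeros
# Added example, not from the thread. Placeholders (constructed):
#   192.168.2.10 = server IP, 203.0.113.10 = public IP on eth1
# Interface names eth1/eth2/eth3 follow the post; adjust to the real names.

/ip firewall filter
# Not in the post's list: replies to connections the router itself opened
# (DNS, NTP) arrive on eth1 and would hit the final input drop without this.
add chain=input action=accept connection-state=established,related comment="input: replies"
add chain=input action=accept in-interface=eth2 comment="input: all from eth2"
add chain=input action=accept in-interface=eth3 comment="input: all from eth3"
add chain=input action=drop comment="input: drop anything else"

add chain=forward action=accept in-interface=eth2 comment="forward: all from eth2"
add chain=forward action=accept in-interface=eth3 comment="forward: all from eth3"
add chain=forward action=accept in-interface=eth1 connection-state=established,related comment="forward: replies from eth1"
# New connections from eth1 pass only when one of the dstnat rules below
# matched them; everything else from eth1 reaches the final drop.
add chain=forward action=accept in-interface=eth1 connection-nat-state=dstnat comment="forward: dnat to server"
add chain=forward action=drop comment="forward: drop anything else"

/ip firewall nat
add chain=srcnat action=masquerade out-interface=eth1 comment="masquerade on eth1"
add chain=dstnat action=dst-nat in-interface=eth1 protocol=icmp to-addresses=192.168.2.10 comment="icmp to server"
add chain=dstnat action=dst-nat in-interface=eth1 protocol=tcp dst-port=25,110,143,80,443 to-addresses=192.168.2.10 comment="smtp pop3 imap http https to server"
# The post's "probably" item: only needed if the server answers DNS publicly.
add chain=dstnat action=dst-nat in-interface=eth1 protocol=udp dst-port=53 to-addresses=192.168.2.10 comment="dns to server"
# Hairpin, for later: internal clients on eth3 reaching the public IP.
add chain=dstnat action=dst-nat in-interface=eth3 dst-address=203.0.113.10 protocol=tcp dst-port=25,110,143,80,443 to-addresses=192.168.2.10 comment="hairpin from eth3"
```

Rule order matters in each chain: the drop rules must stay last, and `export compact` afterwards shows the order actually loaded.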