On 11/4/05, Claudio C. <e1 underscore ch4c4l at msn dot com> wrote:
> I define rules for incoming traffic from the internet to ports 25, 110 and
> 143 of my local address; those rules are in the WAN interface of m0n0. What
> about the DMZ interface? What rules do I have to define there? The source
> should be the DMZ subnet or the local IP of the mail server? And the
> destination should be "any"?
You don't really need any rules on the DMZ interface, as it can reply
to permitted incoming traffic via states for the reply traffic. Put
in rules there for whatever you want the mail server to be able to get
to. I'd recommend a permit IP from any to any to start, then after
that works, lock it down better than that.
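
The behaviour described in the reply above, as an added example that is not part of the original thread and is not m0n0wall code: a simplified Python model of a stateful, per-interface filter. The addresses, the `Firewall` class and the rule format are assumptions made for illustration.

```python
# Toy model of a stateful, per-interface packet filter (constructed example).
# Rules are checked on the interface where a packet arrives; replies to a
# permitted connection are matched against the state table instead.
from dataclasses import dataclass

MAIL_SERVER = "192.168.2.10"   # hypothetical DMZ address of the mail server

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrives on: "wan" or "dmz"
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    def __init__(self, rules):
        self.rules = rules      # {iface: [(dst, dport), ...]}, None = any
        self.states = set()     # connections permitted by a rule

    def handle(self, p):
        # 1. Reply traffic: the reversed tuple of a known connection.
        if (p.dst, p.dport, p.src, p.sport) in self.states:
            return "pass (state)"
        # 2. New connection: needs a pass rule on the arrival interface.
        for dst, dport in self.rules.get(p.iface, []):
            if dst in (None, p.dst) and dport in (None, p.dport):
                self.states.add((p.src, p.sport, p.dst, p.dport))
                return "pass (rule)"
        return "block"          # default deny

def demo():
    # WAN rules from the question; no rules at all on the DMZ interface.
    fw = Firewall({"wan": [(MAIL_SERVER, port) for port in (25, 110, 143)]})
    client, remote_mx = "203.0.113.5", "198.51.100.7"   # constructed addresses
    results = [
        fw.handle(Packet("wan", client, 40000, MAIL_SERVER, 25)),     # inbound SMTP
        fw.handle(Packet("dmz", MAIL_SERVER, 25, client, 40000)),     # server's reply
        fw.handle(Packet("dmz", MAIL_SERVER, 50000, remote_mx, 25)),  # server sends mail
    ]
    fw.rules["dmz"] = [(None, None)]    # starting point: permit to any destination
    results.append(fw.handle(Packet("dmz", MAIL_SERVER, 50000, remote_mx, 25)))
    return results

if __name__ == "__main__":
    print(demo())
```

Replacing the `(None, None)` DMZ rule with specific destination and port pairs models the later lock-down step.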