Squid. Pop3/SMTP. Firewalld based Linux.

Imagine that you have installed Squid on firewalld based system.
First interface (eth0) connected into internal network and second (eth1) to internet.
To allow client browsing you can use http_access, but if you want to enable client to use for example pop3 or smtp (which squid is not support) the only way is sNAT.

I can find how to enable NAT for all ports (Masquerading, snat) and how to nat port with iptables, but cannot find how to limit it by ports trough firewalld.
Most of Linux admins advice to downgrade to iptables. Here is how to do that with firewalld:

Leave a Reply

Your email address will not be published. Required fields are marked *