DNS

Dynamic firewall rules for iptables

Here's the problem: you allow access to some ports on your server based on source IPs. This is common practice, even if it's not 100% secure (since source IPs can be spoofed in certain situations). But what if you have no fixed source IP address(es) (which is common too) that you can feed into iptables rules? You can register a domain name at a dynamic DNS provider (e.g. dyndns.org) and have your client (a DSL router or a client app on your PC) automatically update the IP of that domain name whenever your client's internet connection comes up. But still, iptables does not allow the use of domain names in firewall rules (and that's a good thing, since the rules would otherwise depend on DNS answers at load time). Here's where my script comes into play. It allows you to specify a list of domain names and destinations (host+port) for which the script will automatically generate permitting iptables rules.

Some tweaking for dnsmasq

DD-WRT has a lightweight caching DNS proxy with an integrated DHCP (+TFTP) server built in (dnsmasq). It's well suited for use on your home LAN and has a number of options, so you can tweak it to your needs. You can add these options in DD-WRT's config in the "Services" tab in the "Additional DNSMasq Options" textarea. Here are the options I use ...

Mail delivery and MX records in DNS

I did not know exactly how MTAs work when they try to deliver mail to a recipient. airwin helped me out: the MTA looks for an MX record for the given domain name. If one is found, the mail server it names is contacted. If not, the host with the given domain name is contacted directly.

Configuring/querying DNS settings from Terminal

This article at macosxhints.com describes it pretty well. You have to use the scutil utility.
