Re: iptables nat PREROUTING chain


On Tuesday 14 February 2012 15:21, the following was written:

>  Is there a way to add a rule to the nat table (CentOS 5.7) that would
>  alter the port number of tcp packets destined for the server itself?  I
>  have ip_forwarding enabled, but the packets don't seem to hit the
>  prerouting chain.
>
>  I have the following redirect rule in the prerouting table.  I also
>  tried DNAT, but if the packets don't hit PREROUTING, it won't work either.
>
>  iptables -t nat -L -v -n
>  Chain PREROUTING (policy ACCEPT 16079 packets, 896K bytes)
>   pkts bytes target     prot opt in     out     source              destination
>      0     0 REDIRECT   tcp  --  *      *       10.10.10.0/24       0.0.0.0/0           tcp dpt:25 redir ports 12345
>
>
>  aspen 2# cat /proc/sys/net/ipv4/ip_forward
>  1

Where are you applying this rule?  On a firewall or on the SMTP server itself?

If on the firewall, then you need to use DNAT.

Example:

iptables -t nat -A PREROUTING -p tcp --dport <Port> -j DNAT --to-destination <Server IP>:<Port>

If you only want this to happen on the inside of the firewall then you are 
also going to have to include the interface you want this rule to apply to.


If it is on the SMTP server itself then you don't need forward to be turned on 
and you need to use REDIRECT

Example:

iptables -t nat -A PREROUTING -p tcp --dport <Port> -j REDIRECT --to-ports <Port>

Also make sure no other rule is filtering the packets before this rule because 
if the packets are altered then this rule will never be used.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
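
Whether a nat rule is being matched can be read from the pkts column of the listing quoted in this thread. The shell function below is an added example, not part of the original messages: it reads `iptables -t nat -L -v -n` output and reports every rule whose counter is still zero, together with the chain's policy counter. The function name and the sample listing are constructed for illustration; note that the nat table only counts the first packet of each connection.

```shell
#!/bin/sh
# Added example: report nat rules that have never matched a packet.
# SAMPLE is a constructed listing in the format quoted in the thread.
SAMPLE='Chain PREROUTING (policy ACCEPT 16079 packets, 896K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  *      *       10.10.10.0/24        0.0.0.0/0           tcp dpt:25 redir ports 12345

Chain POSTROUTING (policy ACCEPT 512 packets, 31K bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  2520 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 512 packets, 31K bytes)
 pkts bytes target     prot opt in     out     source               destination'

# unmatched_rules (hypothetical helper name): reads the listing on stdin and
# prints one line per rule whose pkts counter is 0.
# Live use (as root): iptables -t nat -L -v -n | unmatched_rules
unmatched_rules() {
    awk '
        $1 == "Chain" {
            chain = $2
            policy = "-"
            # The policy counter is the field just before "packets,".
            for (i = 3; i <= NF; i++) if ($i == "packets,") policy = $(i - 1)
            next
        }
        $1 == "pkts" || NF == 0 { next }    # column header and blank lines
        $1 == "0" {
            # Fields 10 and up hold the match and target options.
            extra = ""
            for (i = 10; i <= NF; i++) extra = extra " " $i
            printf "%s policy_pkts=%s target=%s src=%s dst=%s%s\n", \
                   chain, policy, $3, $8, $9, extra
        }
    '
}

printf '%s\n' "$SAMPLE" | unmatched_rules
```

A non-zero policy counter next to a zero rule counter means new connections are traversing the chain but none satisfied that rule's source, protocol or port match.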