I am trying to trace a problem I have in redirecting my mail traffic to a different ISP. I have set up a whole bunch of logging rules but am still a bit mystified and could use some clarification.... The setup (shortened somewhat for this example): Cable connection coming into a firewall/router going to a mail server in the DMZ. The interface on the firewall/router that the cable uses (to the internet) is eth0. The interface on the firewall/router to the DMZ is eth3 I log all (I believe) destination port 25 packets going thru the firewall. The current setup does not do any redirection of traffic to port 25 - everything goes out the default interface eth0 and the whole setup works. I am trying to get a baseline as to what I should see when I do the redirection later on. To run my test, I am on the mailserver box and I initiate a telnet to a remote ISP's mail server on port 25. The log messages I see are as follows: the first packet shows a traversal thru the nat filters as expected The source and destination IP's are always the same - the source is always the ip of my mail server and the destination is always the ip of the remote ISP's mail server mangle preroute in eth3 src <Mailserver> dst <destination of mail> nat preroute in eth3 mangle forward in eth3 mangle postroute out eth0 the second packet no longer shows traversal thru the nat filter mangle preroute in eth3 mangle forward in eth3 mangle postroute out eth0 The things that I am having problems understanding are: 1) I see the packet going into eth3, doing the preroute, the forward but I see no postroute on eth3. I also don't see the packet going into eth0 or doing anything until it comes out the postroute table. Why isn't there anything in between ? 2) The connection I establish is from a local ip 192.168.1.2 to the ISP's mail server on the internet. The connection is fully functional so it's nat'ed properly. Why is it that I don't see the change of source IP in the mangle postroute (as the packet comes out of eth0 which is the internet interface) ? Why don't I see the address change anywhere ? I am sorry to ask such basic questions but this stuff is crucial in me figuring out what is happening and I have not managed to put the clues together from the documents and how-to's that I have studied so far. Thanks Jens _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
