Thanks for your answer.
It will not work, since NAT rewrites the destination header, which is used by the pop3vscan proxy to find out the actual host.
But I found out later:
iptables -t mangle -p tcp --dport 110 -s ! <ip_host> -j ROUTE --gw <ip_host>
According to Cédric, the author of the ROUTE target, you need to use CVS for p-o-m and source, since there are some compatibility issues between the new patch-o-matic-20030107 and the old iptables-1.2.7a.
/Magnus
Rob Sterenborg wrote:
I want to redirect all POP3 requests back to my main server. POP3 requests from the main server are forwarded to the internet. Something like this.
------------          -------------------
!          !          !                 !
!  Client  !--------->! router/firewall !
!          !      ----!                 !
------------      ! ->! - - - - - - - - ! ---->(Internet)
                  ! ! !                 !
                  ! ! -------------------
-------------     ! !
!           !<----- !
!  Server   !--------
!           !
-------------
I can scan all pop3 traffic for viruses by this method.
I believe this setup would be correct for proxying other protocols too. I would preferably be interested in also being able to redirect the protocol port too.
Is it possible to do this with the current netfilter release?
I am aware that there is a good chance of unwanted loops with this setup.
You mean to just DNAT port 110/tcp (pop3) to <ip_server>?
I assume:
eth0 : inet
eth1 : lan
eth2 : dmz
iptables -A FORWARD -i eth0 [-o eth2] -d <ip_server> -p tcp --dport 110 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-destination <ip_server>
Rob