On Mon, 2003-12-08 at 02:39, TN wrote:
> Currently, laptop users internal to the network need to then become
> external when they work external to the LAN, and they have to either
> set up 2 different email accounts (one using the internal email server IP
> address, and one using the external IP address), or they have to
> remember to change their server settings each time they move from
> internal to external and vice-versa. Both of these are a pain for them.
>
> It doesn't work, the email client just times out, as if I'm still
> blocking some part of the data stream.
>
> What am I doing wrong?
>

The client can reach the mailserver alright, but the mailserver tries to
respond directly to the client using the wrong IP address.

Easiest solution: Apply both DNAT and SNAT at the same time. Add the
following rule:

    iptables -t nat -A POSTROUTING -p tcp -m multiport --dports 25,110,143 -d 192.168.10.12 -s 192.168.10.0/24 -j SNAT --to <firewall-ip>

Cheers,

Ralf

-- 
Ralf Spenneberg
RHCE, RHCX

Book: VPN mit Linux
Book: Intrusion Detection für Linux Server

http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
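
The reply path described in the answer above, traced as a small model. This is an added illustration, not part of the original message and not netfilter code. Only 192.168.10.12 and 192.168.10.0/24 come from the post; the client address, the firewall's LAN address (standing in for `<firewall-ip>`) and the external address are assumed values.

```python
from ipaddress import ip_address, ip_network

# Constructed topology; only SERVER and LAN are taken from the post.
LAN = ip_network("192.168.10.0/24")
SERVER = "192.168.10.12"
CLIENT = "192.168.10.50"    # assumed: laptop inside the LAN
FW_LAN = "192.168.10.1"     # assumed: firewall LAN address (<firewall-ip>)
FW_EXT = "203.0.113.10"     # assumed: external address the mail client is configured with
MAIL_PORTS = {25, 110, 143}


def hairpin(snat, dport=143):
    """Trace SYN and SYN-ACK for a LAN client that connects to the external address."""
    src, dst = CLIENT, FW_EXT
    expected_peer = dst  # the client's socket only accepts replies from this address
    if dport not in MAIL_PORTS:
        return {"forwarded": False, "accepted": False}

    # PREROUTING on the firewall: DNAT external address -> internal mail server.
    dst = SERVER
    # POSTROUTING: the SNAT rule from the reply, applied only to LAN sources.
    if snat and ip_address(src) in LAN:
        src = FW_LAN
    server_sees = src

    # The server answers whatever source address it saw.
    reply_src, reply_dst = SERVER, server_sees
    # A LAN destination other than the firewall is reached directly on the
    # segment, so the firewall's connection tracking never sees the reply.
    via_firewall = reply_dst == FW_LAN
    if via_firewall:
        # Connection tracking reverses both translations on the way back.
        reply_src, reply_dst = FW_EXT, CLIENT

    return {
        "forwarded": True,
        "server_sees": server_sees,
        "reply_src": reply_src,
        "via_firewall": via_firewall,
        # A SYN-ACK from an address the client never contacted is discarded,
        # which the mail client experiences as a timeout.
        "accepted": reply_dst == CLIENT and reply_src == expected_peer,
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", hairpin(snat))
```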