Re: TCP redirect external to external host


 



Alexis (..@..com) wrote:
> in fact if you do
> 
> iptables -t nat -A PREROUTING -d host1 -p tcp --dport 33 -j DNAT --to host2:44
> 
> it keeps the original sender ip.
> 
> if you want to change the sender ip to host1:33 you need to do this
> doing a POSTROUTING rule to do SNAT in this connection.
>
> I hope it helps
>
> please read
> http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html

Thanks for taking the time to answer!

Yes, I've read that manual a few times by now but I still don't really
understand what's going wrong. If I just use the rule you sent above, a
connection with telnet is just "hanging".

If I add the SNAT-rule it works, but the sender's IP will be altered to
host1 (the first server).

iptables -t nat -A PREROUTING -p tcp --dport 33 -i eth0 -j DNAT --to host2:44
iptables -t nat -A POSTROUTING -d host2 -p tcp --dport 25 -j SNAT --to host1

Why I want this is because I'm moving one SMTP to another location. So
from the postfix logs I get this:
Dec  9 19:27:56 mail postfix/smtpd[20692]: connect from host1[x.x.x.x]

host1 shouldn't be there, the original sender should.

I'm clueless. :(
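
Added example, not part of the original message: a small Python model of the address rewriting done by the DNAT and SNAT rules discussed above, showing which source address host2 logs and whether the reply that reaches the client matches the connection it opened. The addresses, the client port and the `reply_via_host1` switch (host2 routing its replies back through host1) are assumptions of this model.

```python
from dataclasses import dataclass, replace

# Constructed documentation addresses standing in for the thread's hosts.
CLIENT, HOST1, HOST2 = "198.51.100.7", "192.0.2.1", "203.0.113.2"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def forward(pkt, snat):
    """host1: PREROUTING DNAT host1:33 -> host2:44, optional POSTROUTING SNAT."""
    out = replace(pkt, dst=HOST2, dport=44)
    if snat:
        out = replace(out, src=HOST1)   # host2 now sees host1 as the sender
    return out

def reply_at_client(pkt, snat, reply_via_host1):
    """Build host2's reply and return it as it arrives at the client."""
    seen = forward(pkt, snat)
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    # The reply crosses host1 only if it is addressed to host1 (SNAT case)
    # or host2's routing sends it that way (assumption of this model).
    if reply.dst == HOST1 or reply_via_host1:
        # conntrack on host1 reverses the NAT mappings for the reply
        reply = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
    return reply

def client_accepts(pkt, reply):
    """The client only accepts a reply from the address and port it contacted."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (pkt.dst, pkt.dport, pkt.src, pkt.sport)

def scenario(snat, reply_via_host1):
    """Return (source address host2 logs, whether the connection completes)."""
    syn = Packet(CLIENT, 40000, HOST1, 33)
    logged = forward(syn, snat).src
    ok = client_accepts(syn, reply_at_client(syn, snat, reply_via_host1))
    return logged, ok

if __name__ == "__main__":
    for snat, via in [(False, False), (True, False), (False, True)]:
        print(f"snat={snat} reply_via_host1={via} ->", scenario(snat, via))
```
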

