But could you now setup a IPTABLE rule that say: iptables -t nat -A PREROUTING -p tcp --dport 25 -j .... I would have to double check the reject target options to see if icmp redirects are part of them. Michael. On Tue, 9 Dec 2003 19:56:40 +0000 Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx> wrote: > On Tuesday 09 December 2003 7:49 pm, Michael Gale wrote: > > > hmmm.... what about ICMP redirect ? > > > > I can not remember if the host you are redirecting to has to be on the same > > subnet as the client host :( > > Unfortunately ICMP redirects would affect ALL connections coming in to the > machine, SMTP, DNS, or anything else. > > I do not think this is what Örjan wants to happen. > > Antony. > > > On Tue, 9 Dec 2003 20:40:19 +0100 Örjan Persson <orange@xxxxxxxxx> wrote: > > > > > Antony Stone (Antony@xxxxxxxxxxxxxxxxxxxx) wrote: > > > > If it is not true that the real source IP and the real destination IP > > > > exist on the same interface of the netfilter machine, repost your query > > > > with a bit more detail and we may be able to help futher. > > > > > > The situation is that I have a hostname where there are both SMTP and > > > DNS services atm. The mail service is beeing migrated to another host, > > > and since I can't just change the IP for the hostname (would break DNS > > > services) I would like to have a temporary redirect to the new > > > mailservice for the SMTP-service, until the ppl using it has changed > > > their mail settings to use the new hostname. > > > > > > So, I have two external host with two external IP's. They exists on the > > > same subnet too. Both uses the same gateway. > > > > > > These are the rules I tried to use, which translates the users IP to the > > > first servers IP: > > > iptables -t nat -A PREROUTING -p tcp --dport 33 -i eth0 -j DNAT --to > > > host2:44 iptables -t nat -A POSTROUTING -d host2 -p tcp --dport 25 -j > > > SNAT --to host1 > > > > > > Hope that's enough information to get you into my problem! > > > > > > Thanks for letting me take your time! :) > > -- > It is also possible that putting the birds in a laboratory setting > inadvertently renders them relatively incompetent. > > - Daniel C Dennet > > Please reply to the list; > please don't CC me. > > -- Michael Gale Network Administrator Utilitran Corporation
