Try this: LAN_IP=$(ifconfig eth1 | head -n 2 | tail -n 1 | cut -d: -f2 | cut -d" " -f 1) ipatbles -t nat -A PREROUTING -i *EXT-NIC* -p tcp --dport 25 -j DNAT --to_destination *POSTFIX-IP* iptables -t nat -A POSTROUTING -o *INT-NIC* -p tcp --dport 25 -j SNAT --to-source $LAN_IP iptables -A FORWARD -i *EXT-NIC* -m state --state NEW -p tcp -d *POSTFIX-IP* --dport 25 -j ACCEPT EXT-NIC = your external Network Interface (eth0, eth1...) INT-NIC = your internal Network Interface (eth1, eth2...) where your Postfix Server is connected to POSTFIX-IP = The IP of your Postfix Server That should work. Mit freundlichen Gruß / Best regards / Meilleures salutation / Met vriendelijke groet Peter Gehle Systemberatung Gehle GmbH Im Bahler Grund 5 D-49413 Dinklage Germany Phone : +49 4443 9796-12 Fax : +49 4443 9796-29 www.sbgit.com Original Message processed by Tobit InfoCenter Subject: tcp packets on 25 port FORWARDING (12-Mrz-2004 10:50) From: stanislav.puffler@xxxxxxxxx To: peter.gehle@xxxxxxxxx Hi there, I need to forward all tcp packets with port 25 (SMTP) from Internet to machine in my network. My settings (eth0 = internet IP, eth1 = 192.168.200.1 - dmz IP connected to another machine with Postfix, eth2 = 192.168.0.1 - gateway - LAN). Have opened port 25 and setup rule : iptables -t nat -A PREROUTING -p tcp -dport 25 - i eth0 -j DNAT -to 192.168.200.2:85 iptables -A FORWARD -i eth0 -p tcp -d 192:168.200.2 -dport 25 -m state -state NEW,ESTABLISHED,RELATED -j ACCEPT But it still doesn't route tcp packets on port 25 to my Postfix computer :o( If I try telnet 192.168.200.2 25 from FW it works, if I try this from Internet, it doesn't work :o( Any ideas ? Thanks a lot. Stan. To: stanislav.puffler@xxxxxxxxx Cc: netfilter@xxxxxxxxxxxxxxxxxxx
