Hi Joel

>
>> test@xxxxxxxxxxxxxxx wrote:
>>
>>>Hi All
>>>
>>>I am new to Iptables & Firewall. I have 2 servers (web & email) running
>>>behind firewall. I have DNAT rule on my firewall, so any request hitting
>>>on port 25, 80, 110 are DNAT to internal servers. In turn my internal
>>>servers (web & email) feel these requests were received from firewall ie
>>>internal ip and can be trusted.
>>>
>>>I want these DNAT request to be forwarded with their original ip address
>>>and not as coming from firewall ip.
>>>
>>>Please advise my firewall rule is as follows :
>>>
>>>iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 25 -j DNAT --to 192.168.0.175:25
>>>
>>>Regards
>>>
>>>Joel
>>>
>> The way DNAT works it changes ONLY the Destination IP, not the Source
>> IP, so the packets WILL still appear to be from the original source. If
>> you are NOT seeing them as such, then you have a SNAT rule affecting
>> them, perhaps something like:
>>
>> iptables -t nat -A POSTROUTING -j MASQUERADE
>> or
>> iptables -t nat -A POSTROUTING -j SNAT --to 192.168.0.254
>>

Yes I do have "iptables -t nat -A POSTROUTING -j MASQUERADE"

And as suggested by you I have modified the above rule with respective nic.
But no luck.

Joel can you please advise me on what rule set to use on my firewall. I want
users from outside to come in for POP & SMTP. But I want their request to be
forwarded with their real ips and not firewall ip.

Thanks for your help

Regards
Joel
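
Added example, not part of the thread: a small audit of `iptables-save` output that reports nat POSTROUTING rules which rewrite the source address on anything other than the external interface, which is the condition under which DNAT'ed SMTP/POP connections reach the internal server looking like the firewall. It assumes eth1 is the external interface (as in the PREROUTING rule above); eth0 as the LAN interface and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: find SNAT/MASQUERADE rules that also hit inbound DNAT'ed traffic.

# find_broad_snat EXT_IF
# Reads iptables-save output on stdin and prints every nat POSTROUTING rule
# that jumps to MASQUERADE or SNAT and is not pinned to "-o EXT_IF".
# Conservative: a rule limited some other way (e.g. -s) is still reported
# for manual review.
find_broad_snat() {
    awk -v ext="$1" '
        substr($0, 1, 1) == "*" { table = substr($1, 2); next }  # *nat, *filter
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            target = ""; pinned = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                # "! -o eth1" is a negated match, so it does not count as pinned
                if ($i == "-o" && $(i + 1) == ext && $(i - 1) != "!") pinned = 1
            }
            if ((target == "MASQUERADE" || target == "SNAT") && !pinned) print
        }
    '
}

# Constructed sample in iptables-save format (eth1 external, eth0 assumed LAN).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.175:25
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.254
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Reports the unrestricted MASQUERADE rule and the SNAT rule bound to eth0.
sample_ruleset | find_broad_snat eth1
```

On a live firewall the same function can be fed directly as root with `iptables-save | find_broad_snat eth1`. Any rule it prints rewrites the source of packets heading to the internal servers, so a mail server that trusts its local network for relaying would extend that trust to every outside client.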