Re: DNAT Problem

On Thursday 22 April 2004 2:06 pm, test@xxxxxxxxxxxxxxx wrote:

> Hi Antony
>
> > On Thursday 22 April 2004 1:42 pm, test@xxxxxxxxxxxxxxx wrote:
> >> Hi Antony
> >>
> >> Thanks for your reply, but my problem is as follows
> >>
> >> I have an email server running behind my firewall. Now all requests coming
> >> from the internet are logged as if coming from my firewall. I want the
> >> requests to be logged with the source IP and not with the firewall IP.
> >
> > I know that is your problem.
> >
> > I believe the change to your MASQUERADE / SNAT rule which I posted is a
> > solution to that problem.
> >
> > If it is not a solution, then post your current ruleset so that we can
> > think about it further.
>
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to 192.168.0.6:25
>
> Regards
>
> Joel

I don't believe that can be your complete ruleset.

I see nothing wrong with the above rule as it stands, however on its own it's 
not much good - you need a FORWARD rule to allow packets through to the mail 
server as well.

Anyway, I thought (I may be mistaken) that the problem was not with the 
inbound DNAT, but with SNAT?

Regards,

Antony.

-- 
Software development can be quick, high quality, or low cost.

The customer gets to pick any two out of three.

                                                     Please reply to the list;
                                                           please don't CC me.
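
The SNAT side of the question above, as an added example that is not part of the original message: a MASQUERADE or SNAT rule that is not limited to the Internet-facing interface also rewrites the source address of DNATed connections on their way to the mail server, so every inbound request is logged with the firewall's address. The function below reads `iptables-save` output and lists such rules; `eth1` as the external interface is taken from the DNAT rule in the thread, and the two sample rulesets are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. eth1 = Internet-facing interface (taken
# from the DNAT rule above); the sample rulesets below are constructed.

# Read iptables-save output on stdin and print every POSTROUTING rule that
# SNATs or MASQUERADEs without "-o <ext_if>". Such a rule also rewrites the
# source of DNATed connections heading to the internal server.
unscoped_snat() {
    awk -v ext="$1" '
        $1 == "-A" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
            scoped = 0
            for (i = 3; i < NF; i++)
                if (($i == "-o" || $i == "--out-interface") &&
                    $(i + 1) == ext && $(i - 1) != "!")
                    scoped = 1
            if (!scoped) print
        }'
}

sample_broken() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.6:25
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

sample_fixed() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.6:25
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
EOF
}

echo "broken ruleset:"; sample_broken | unscoped_snat eth1
echo "fixed ruleset:";  sample_fixed  | unscoped_snat eth1
# On a live firewall: iptables-save -t nat | unscoped_snat eth1
```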


