Hi Antony

> On Thursday 22 April 2004 7:18 pm, test@xxxxxxxxxxxxxxx wrote:
>
>> > > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to 192.168.0.6:25
>> >
>> > I don't believe that can be your complete ruleset.
>> >
>> > I see nothing wrong with the above rule as it stands, however on its own
>> > it's not much good - you need a FORWARD rule to allow packets through to
>> > the mail server as well.
>>
>> Can you give me an example of the forward rule set.
>
> iptables -A FORWARD -d a.b.c.d -p tcp --dport 25 -j ACCEPT
>
> where a.b.c.d is the real (internal) IP address of your mail server.

I modified my script as suggested by you but no luck

>> > Anyway, I thought (I may be mistaken) that the problem was not with the
>> > inbound DNAT, but with SNAT?
>
> I repeat the statement immediately above.
>
>> Or shall I attach my complete bash script ? (is it ok ?)
>
> Please do post the smallest ruleset which demonstrates the problem (ie it
> allows access to your internal mailserver, but all accesses appear to be from
> the firewall's IP address).

Please find below the SMTP log of my email server

++++++++++++++++++
@4000000040890aad255365a4 tcpserver: pid 30530 from 192.168.0.151
@4000000040890aad2a6f2e9c tcpserver: ok 30530 mail.localmail.com:192.168.0.6:25 :192.168.0.151::1592
++++++++++++++++++

Please note
Firewall IP = 192.168.0.151
Email Server IP = 192.168.0.6

Regards
Joel
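The symptom shown in the log above can be checked mechanically. The following Python sketch is an added example, not part of the message or the thread: it decodes the TAI64N stamps, parses tcpserver's `ok` records, and lists accepted connections whose peer address is the firewall's own. The function names are hypothetical; the sample lines and the two addresses are the ones quoted in the message.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample lines and firewall address as quoted in the message (embedded so this runs offline).
SAMPLE_LOG = """\
@4000000040890aad255365a4 tcpserver: pid 30530 from 192.168.0.151
@4000000040890aad2a6f2e9c tcpserver: ok 30530 mail.localmail.com:192.168.0.6:25 :192.168.0.151::1592
"""
FIREWALL_IPS = {"192.168.0.151"}

# tcpserver "ok" record (IPv4 only here):
#   ok <pid> <localhost>:<localip>:<localport> <remotehost>:<remoteip>:<remoteinfo>:<remoteport>
OK_RE = re.compile(
    r"^@(?P<sec>[0-9a-f]{16})(?P<nsec>[0-9a-f]{8}) tcpserver: ok (?P<pid>\d+) "
    r"(?P<lhost>[^:]*):(?P<lip>[^:]+):(?P<lport>\d+) "
    r"(?P<rhost>[^:]*):(?P<rip>[^:]+):(?P<rinfo>[^:]*):(?P<rport>\d+)$"
)

def tai64n_to_datetime(sec_hex, nsec_hex):
    """Decode a TAI64N label; no TAI-to-UTC correction, so it is off by some tens of seconds."""
    seconds = int(sec_hex, 16) - 2**62
    micros = int(nsec_hex, 16) // 1000
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(seconds=seconds, microseconds=micros)

def parse_connections(log_text):
    """Return one dict per accepted connection ("ok" record) in a tcpserver log."""
    conns = []
    for line in log_text.splitlines():
        m = OK_RE.match(line.strip())
        if not m:
            continue  # "pid ... from" and other record types are skipped
        conns.append({
            "time": tai64n_to_datetime(m["sec"], m["nsec"]),
            "pid": int(m["pid"]),
            "local": (m["lip"], int(m["lport"])),
            "remote": (m["rip"], int(m["rport"])),
        })
    return conns

def masked_by_firewall(conns, firewall_ips):
    """Connections whose peer is the firewall itself, as seen when forwarded traffic is source-NATed."""
    return [c for c in conns if c["remote"][0] in firewall_ips]

if __name__ == "__main__":
    for c in masked_by_firewall(parse_connections(SAMPLE_LOG), FIREWALL_IPS):
        print(c["time"].isoformat(), "pid", c["pid"], "peer", c["remote"], "->", c["local"])
```

If every SMTP connection in a longer log is returned by `masked_by_firewall`, the server never sees a real client address, which also defeats any IP-based relay or blocklist check on the mail server.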