Re: Redirecting outgoing SMTP from LAN to another LAN server


 



On Thu, Apr 29, 2004 at 04:47:57PM +0200, Sven Schuster wrote:
> On Thu, Apr 29, 2004 at 11:37:57PM +1000, Alexander Samad told us:
> > On Thu, Apr 29, 2004 at 10:59:49AM +0100, Gavin Hamill wrote:
> > > Hullo :)
> > > 
> > > I'd like to do $SUBJECT, but after much playing with commands like
> > > 
> > > iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 25 -j DNAT --to 10.0.0.253:25
> > 
> > what about 
> > 
> > iptables -t nat -A PREROUTING -p tcp -i eth1 -s ! 10.0.0.253  --dport 25 -j DNAT --to 10.0.0.253:25
> > 
> > I presume 10.0.0.253 is also on eth1.
> > 
> 
> The problem here might be that both the client and the server are on 
> the same physical network. This means
> 
> So assume we have a client (10.0.0.1) which wants to connect to a
> mail server (12.34.56.78) on the internet. So you DNAT the request to
> your internal mail server 10.0.0.253 at the firewall. Your internal
> mail server gets the request but will try to directly talk to the
> client, as in the packet the sender is still the original IP address.
> (sorry if this is hard to understand, I'm not really good at 
> explaining things :) So you will additionally need a SNAT rule on
> your firewall, something like
> 
> iptables -t nat -A POSTROUTING -p tcp -o eth1 -s 10.0.0.0/8 \
>    -d 10.0.0.253 --dport 25 -j SNAT --to 10.0.0.xx

yeap, forgot about that
> 
> where xx would be the ip of your firewall. Now both the packets
> from the client to the server and the returning packets from the
> server to the client will travel through your firewall.
> 
> 
> HTH
> 
> Sven
> 
> > 
> 
> > > 
> > > I have given up and have come to you fine people for help...
> > > 
> > > My LAN is on eth1, with WAN on eth0. The gateway machine is 10.0.0.254 doing masq for 
> > > LAN clients, but I'd like to send any outgoing SMTP connections to 10.0.0.253 - alas 
> > > any time I've tried, I just end up killing ALL outgoing SMTP :(
> > > 
> > > Any suggestions warmly received!
> > > 
> > > Cheers,
> > > Gavin.
> > > 
> > > 
> 
> 
> 
> -- 
> Linux zion 2.6.6-rc1 #1 Sat Apr 17 11:50:12 CEST 2004 i686 athlon i386 GNU/Linux
>  16:37:12  up 8 days, 21:26,  1 user,  load average: 0.01, 0.01, 0.00
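
The return-path problem discussed above, modelled as an added example (not code from any poster in this thread): it traces one SMTP connection with DNAT only and with DNAT plus SNAT, and shows which reply the client actually receives. The `Gateway` class, `simulate` function and source port 40000 are hypothetical; the addresses are the ones quoted in the thread, with 10.0.0.254 as the firewall.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Addresses from the thread; source port 40000 is a constructed sample value.
CLIENT, MAILSRV, GATEWAY = "10.0.0.1", "10.0.0.253", "10.0.0.254"
REMOTE = "12.34.56.78"  # internet mail server the client believes it is reaching


def reply_to(pkt):
    """Build the reply a host sends to the packet it received."""
    return Pkt(pkt.dst, pkt.dport, pkt.src, pkt.sport)


class Gateway:
    """Hypothetical, minimal stand-in for NAT plus connection tracking."""

    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # reply seen by gateway -> reply handed to client

    def forward(self, pkt):
        out = pkt
        if pkt.dport == 25 and pkt.src != MAILSRV:
            out = out._replace(dst=MAILSRV)       # PREROUTING DNAT
            if self.snat:
                out = out._replace(src=GATEWAY)   # POSTROUTING SNAT
            self.conntrack[reply_to(out)] = reply_to(pkt)
        return out

    def reverse(self, reply):
        """Undo NAT on a reply; None if the flow is unknown."""
        return self.conntrack.get(reply)


def simulate(snat):
    """Return (reply as the client sees it, whether the client accepts it)."""
    gw = Gateway(snat)
    syn = Pkt(CLIENT, 40000, REMOTE, 25)
    reply = reply_to(gw.forward(syn))
    if reply.dst == GATEWAY:
        reply = gw.reverse(reply)  # reply returns via the firewall and is un-NATed
    # Otherwise the server is on the client's LAN and answers it directly,
    # so the gateway never sees the reply and cannot rewrite its source.
    return reply, reply == reply_to(syn)


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", *simulate(snat))
```

With DNAT only, the client receives a reply sourced from 10.0.0.253 for a connection it opened to 12.34.56.78, which matches no socket on the client, so the connection never completes.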

