I did that because of one reason - viruses/worms sending from infected computer by using mail server settings in the clients Outlook. But clients also have some other accounts and not only local so I get complains from my ISP and other that I am sending spam vith viruses. This way I redirect all smtp traffic to my server which requires client authentication. And if some worms/viruses have their own smtp server they are also redirected to my internal mail server which will block anauthorized relay attempt. Sasa V pon, 20.12.2004 ob 23:47 je Hudson Delbert J Contr 61 CS/SCBN napisal(a): > i guess i need to ask what role you play in the lan admin? > > i think it might be easier to modify mx type pointer mechanisms on the clients > instead of having the fw do all this wasteful redirs. they are wasteful > because you now where you want the mail traffic to go - this isnt clever. > its a way to perform this task but its not very elegant and doesnt scale for > manintenance. > > out... > > > -----Original Message----- > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx > [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of Sasa Stupar > Sent: Monday, December 20, 2004 1:33 PM > To: Netfilter ML > Subject: Re: Redirection question > > > Sasa Stupar a écrit : > > > Sasa Stupar a écrit : > > > >> Hi! > >> > >> I have installed mail server on my lan. Now I would like to redirect > >> all lan users to use that mail server as smtp (similar as transparent > >> proxy with squid). How do I do that smtp redirection? > >> I was thinking something like: > >> ------------- > >> iptables -t nat -A PREROUTING -i eth0 -s ! smtp-box -p tcp --dport 25 > >> -j DNAT --to smtp-box:25 > >> iptables -t nat -A POSTROUTING -o eth0 -s local-network -d smtp-box -j > >> SNAT --to iptables-box > >> iptables -A FORWARD -s local-network -d smtp-box -i eth0 -o eth0 -p > >> tcp --dport 25 -j ACCEPT > >> -------------- > >> Is this correct? > >> > >> Regards, > >> Sasa > >> > > > > I forgot some more infos: > > running on FC3 with sendmail. This is also a router with 2 NIC > > installed: one for internet and one for LAN. > > > > Sasa > > Solved. It is working as I have mentioned above. > > Sasa > >
Attachment:
signature.asc
Description: To je digitalno podpisani del =?iso-8859-2?Q?sporo=E8ila?=
