RE: smtp/pop and NAT only

["Baake, Matthias" <m.baake@xxxxxxxx>]

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of
varun_saa@xxxxxxxx
Sent: Wednesday, May 18, 2005 1:44 PM
To: Rob Sterenborg
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: RE: smtp/pop and NAT only




----- Original Message -----
From: Rob Sterenborg <rob@xxxxxxxxxxxxxxx>
Date: Wednesday, May 18, 2005 3:54 pm
Subject: RE: smtp/pop and NAT only

> > Hello,
> >      My server is on FC3 (fedora3)
> > eth0 is WAN ---> DSL router ----> ISP
> > eth1 is LAN
> 
> Not sure I understand the ASCII art : is your server the DSL router ?
The server has two ethernet card. eth0 is basically WAN.
> 
> > I would like to that 2 client 192.168.0.253 and 192.168.0.248 
> > are connected to " fedora3 server "
> > via NAT.
> 
> So that they can do "anything" ?

Yes that is correct.
> 
> > And all other clients connected to "fedora3 server"
> > are able to only send / recieve mail.
> > 
> > Howto do that
> 
> Something like :
> 
> $IPT -P FORWARD DROP
> 
> $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> $IPT -A FORWARD -i eth1 -o eth0 -s 192.168.0.248 -j ACCEPT
> $IPT -A FORWARD -i eth1 -o eth0 -s 192.168.0.253 -j ACCEPT
> $IPT -A FORWARD -i eth1 -o eth0 -p tcp --dport 25 -j ACCEPT
> $IPT -A FORWARD -i eth1 -o eth0 -p tcp --dport 110 -j ACCEPT
> 
> $IPT -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT \
>  --to-source <inet_ip>

No static IP


> 
> Maybe Oscars IPTables tutorial is something useful :
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html
> 
> 
> Gr,
> Rob

Thanks a lot

I shall give it a try.

Varun
> 
> 
> 

> $IPT -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT \
>  --to-source <inet_ip>

No static IP

in this case this should work.

  $IPT -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

Greets,
Matthias