netfilter-bounces@xxxxxxxxxxxxxxxxxxx scribbled on :
> I am trying to run our qmail E-Mail server behind our
> firewall. Our firewall is a linux box running
> iptables. The current configuration is as follows:
>
> Firewall
> Eth0: 10.10.10.1 --- Internal LAN
> Eth1: 208.10.10.1 --- Primary Internet
> Eth1:0: 208.10.10.2 --- Alias for web (listed in DNS)
> Eth1:1: 208.10.10.3 --- Alias for E-mail (listed in
> DNS)
>
> Email Server
> Eth0: 10.10.10.100
>
> Web Server
> Eth0: 10.10.10.200
>
> Basically I need every packet that arrives on
> Ethernet1:1 using ports 110,25,143 forwarded to
> 10.10.10.100. 10.10.10.100 then needs to reference
> all its packets to 208.10.10.1 when sent back to
> internet community.

I suppose you have FORWARD policy set to DROP :

$ipt -A FORWARD -m state --state RELATED,ESTABLISHED \
    -j ACCEPT

$ipt -A FORWARD -m state --state NEW -i eth1 -o eth0 \
    -d 10.10.10.100 -p tcp --dport 25 -j ACCEPT
$ipt -A FORWARD -m state --state NEW -i eth1 -o eth0 \
    -d 10.10.10.100 -p tcp --dport 110 -j ACCEPT
$ipt -A FORWARD -m state --state NEW -i eth1 -o eth0 \
    -d 10.10.10.100 -p tcp --dport 143 -j ACCEPT

$ipt -t nat -A PREROUTING -i eth1 -d 208.10.10.3 \
    -p tcp --dport 25 -j DNAT --to 10.10.10.100
$ipt -t nat -A PREROUTING -i eth1 -d 208.10.10.3 \
    -p tcp --dport 110 -j DNAT --to 10.10.10.100
$ipt -t nat -A PREROUTING -i eth1 -d 208.10.10.3 \
    -p tcp --dport 143 -j DNAT --to 10.10.10.100

Or, if you can use the multiport module :

$ipt -A FORWARD -m state --state RELATED,ESTABLISHED \
    -j ACCEPT

$ipt -A FORWARD -m state --state NEW -i eth1 -o eth0 \
    -d 10.10.10.100 -m multiport -p tcp \
    --dports 25,110,143 -j ACCEPT

$ipt -t nat -A PREROUTING -i eth1 -d 208.10.10.3 \
    -m multiport -p tcp --dports 25,110,143 \
    -j DNAT --to 10.10.10.100

Gr,
Rob
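
Added example, not part of Rob's reply or the original post: with the FORWARD policy set to DROP, each DNAT rule only works if a FORWARD rule accepts the translated destination, so this shell function audits iptables-save style output for DNAT targets that lack one. The function names and the sample rule dump are constructed for illustration; it assumes single ports or comma lists (no ranges) and FORWARD rules that name the host with -d and a destination port.

```shell
#!/bin/sh
# Added example (not from the original post). Reads iptables-save style
# text on stdin and prints each "host port" that a nat PREROUTING DNAT rule
# redirects to but no filter FORWARD ACCEPT rule lets through.
unmatched_dnat() {
    awk '
    # Value following option "opt" on the current rule line, or "".
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # Destination ports of the rule: "--dport N" or multiport "--dports A,B".
    function ports(    p) {
        p = optval("--dport")
        return (p != "") ? p : optval("--dports")
    }
    /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter", ...
    table == "nat" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
        n = split(optval("--to-destination"), hp, ":")
        if (n == 2) { want[hp[1] " " hp[2]] = 1; next }   # port rewritten
        m = split(ports(), pl, ",")
        for (k = 1; k <= m; k++) want[hp[1] " " pl[k]] = 1
    }
    table == "filter" && $2 == "FORWARD" && optval("-j") == "ACCEPT" {
        host = optval("-d"); sub(/\/32$/, "", host)       # a.b.c.d/32 -> a.b.c.d
        m = split(ports(), pl, ",")
        for (k = 1; k <= m; k++) have[host " " pl[k]] = 1
    }
    END { for (key in want) if (!(key in have)) print key }
    ' | sort
}

# Constructed sample: the rules from the reply above as iptables-save would
# print them, with the FORWARD rule for port 143 left out on purpose.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -d 208.10.10.3/32 -i eth1 -p tcp -m multiport --dports 25,110,143 -j DNAT --to-destination 10.10.10.100
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 10.10.10.100/32 -i eth1 -o eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A FORWARD -d 10.10.10.100/32 -i eth1 -o eth0 -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
COMMIT
EOF
}

sample_rules | unmatched_dnat
```

On a live firewall the same check would be fed with `iptables-save | unmatched_dnat`; an empty result means every redirected port has a FORWARD rule.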