John Madden wrote:
Hmm, well here are the rules I'm running. The port forward:

    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -d $EXTIP -p tcp --dport 25 -j DNAT --to $MAILSERVER:25

And the SNAT for return traffic:

    iptables -t nat -A POSTROUTING -d $MAILSERVER -j SNAT --to $EXTIP
OK, this is the rule that changes the source address. The DNAT rule in the PREROUTING chain could not do it, even with a kernel 2.6.9.
...At least, I found that traffic wouldn't flow without this additional rule. Have I gotten something else fundamentally wrong here?
The above SNAT rule itself is not for return traffic. First, it matches packets destined to the mail server, i.e. original traffic. Second, return traffic skips the nat table chains.
If traffic does not flow without it, it could mean that the mail server does not send the reply traffic back to the NAT box. This is a routing problem. Does the mail server use the NAT box as its default gateway?
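The setup discussed above, as an added example that is not code from either poster: it emits the DNAT forward together with the filter rules it needs, checks from the mail server's routing table whether replies will come back through the NAT box, and shows the SNAT rule only as a fallback with its cost. The EXTIP and MAILSERVER values are constructed documentation addresses.

```shell
#!/bin/sh
# Added example for the thread above; not code from either poster.
# Assumes EXTIP is the NAT box's public address and MAILSERVER sits on the LAN
# behind it. Rules are printed unless the third argument is "apply".

# Usage: nat_rules EXTIP MAILSERVER [apply]
nat_rules() {
    extip=$1; mailserver=$2; mode=${3:-print}
    if [ "$mode" = apply ]; then run() { "$@"; }; else run() { echo "$*"; }; fi

    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite the destination of inbound SMTP to the mail server.
    run iptables -t nat -A PREROUTING -d "$extip" -p tcp --dport 25 \
        -j DNAT --to-destination "$mailserver:25"
    # Let the forwarded connection through the filter table. Conntrack undoes
    # the DNAT on reply packets; they never revisit the nat table, so all the
    # replies need is a filter rule and a route back to this box.
    run iptables -A FORWARD -d "$mailserver" -p tcp --dport 25 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -s "$mailserver" -p tcp --sport 25 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Routing check: $1 is the output of "ip route" captured on the mail server,
# $2 is the NAT box's LAN address. Returns 0 when replies will come back via
# the NAT box; otherwise they leave through another router and the DNATed
# connection hangs, which is the symptom described in the thread.
replies_return_via() {
    printf '%s\n' "$1" | grep -q "^default via $2 "
}

# Last resort if the route cannot be fixed: SNAT the forwarded connection so
# the server answers the NAT box. The server then sees every client as EXTIP,
# so its logs, rate limits and greylisting lose the real source address.
snat_fallback() {
    echo "iptables -t nat -A POSTROUTING -d $2 -p tcp --dport 25 -j SNAT --to-source $1"
}

# Constructed sample values (documentation ranges), print mode.
nat_rules 203.0.113.10 192.168.1.25
replies_return_via "default via 192.168.1.1 dev eth0" 192.168.1.1 \
    && echo "replies return via NAT box" \
    || snat_fallback 203.0.113.10 192.168.1.25
```

Run with `apply` as the third argument of nat_rules on the NAT box itself; the routing check takes the mail server's `ip route` output, so capture that on the server and pass it in.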