Zagato a écrit :
Hi.... im trying to forward the conecction to mail services like smtp( port 25) from one pc to another, im using: _mail_services=25,110,143,995,993 _mailserver=192.168.0.3 iptables -t mangle -A ftolocal -p tcp -m multiport --destination-ports $_mail_services -j MARK --set-mark 1 iptables -t nat -A ftolocal -p tcp -m multiport --destination-ports $_mail_services -j DNAT --to-destination 192.168.0.3 where ftolocal its a chain name for mangle and nat... the ip addres source it's 192.168.0.5 and i want to send localhost connections to 192.168.0.3... when i use the lines above i can: telnet 192.168.0.5 25 and it works... giving me: Trying 192.168.0.5... Connected to beta.gps.com.co (192.168.0.5). Escape character is '^]'. 220 alpha.gps.com.co ESMTP Postfix But when i use: telnet localhost 25 or telnet 127.0.0.1 25 tha must be equal i get.. Trying 127.0.0.1... and statys there forever.....
The difference may lie in the source address. When you send a packet to a local address (127.0.0.0/8, 192.168.0.5) and don't set an explicit source address (with -b in telnet), the linux kernel selects the same local address for the source address. After matching the DNAT rule, packets are rerouted to the network interface through which the new destination can be reached instead of the loopback interface. However the kernel routing prohibits sending packets with a loopback address to a non loopback interface, i.e. outside the host. So packets with source address 192.168.0.5 are sent out, but packets with source address 127.0.0.1 are discarded. An additional SNAT rule wouldn't help here because it would take place after the packet has been discarded.
-- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
