Hello again Mike, On Fri, 2010-02-12 at 11:56 -0800, Mike Wright wrote: > >> Salve, Guido. I gave this a verrrry quick glance and off the top of my > >> head I think something looks fishy in the POSTROUTING rules. > >> > >> In the PREROUTING you are selecting based on the *destination* port. On > >> the return trip shouldn't POSTROUTING use *source* port? > > > > Hold on a second. The originating caller expects a reply on *its 25 > > port*. Therefore my originating port could be everything and usually is > > an high port (> 1024) different than 25, but the important is that the > > destination port is 25 because there is the caller waiting a reply. > > > > Therefore even in the case of SNAT, I am selecting the destination port. > > > > Do you convene with me now ? > > Yes, indeed. It seems I have my brain in backwards ;D > > Buona fortuna ! You were actually right. The SNAT needs to be done with --sport 25 and not with --dport 25. But still I cannot get the mail delivered and actually I cannot see POSTROUTING but only untranslated reply packets... Any other idea ? Regards, Guido -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
