RE: Redirection question

[Sasa Stupar <sasa@stupar.homelinux.net>]

[-- Attachment #1: Type: text/plain, Size: 2283 bytes --]

I did that because of one reason - viruses/worms sending from infected
computer by using mail server settings in the clients Outlook. But
clients also have some other accounts and not only local so I get
complains from my ISP and other that I am sending spam vith viruses.
This way I redirect all smtp traffic to my server which requires client
authentication. And if some worms/viruses have their own smtp server
they are also redirected to my internal mail server which will block
anauthorized relay attempt.

Sasa

V pon, 20.12.2004 ob 23:47 je Hudson Delbert J Contr 61 CS/SCBN
napisal(a):
> i guess i need to ask what role you play in the lan admin?
> 
> i think it might be easier to modify mx type pointer mechanisms on the clients
> instead of having the fw do all this wasteful redirs. they are wasteful
> because you now where you want the mail traffic to go - this isnt clever.
> its a way to perform this task but its not very elegant and doesnt scale for
> manintenance.
> 
> out...
> 
> 
> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org
> [mailto:netfilter-bounces@lists.netfilter.org]On Behalf Of Sasa Stupar
> Sent: Monday, December 20, 2004 1:33 PM
> To: Netfilter ML
> Subject: Re: Redirection question
> 
> 
> Sasa Stupar a écrit :
> 
> > Sasa Stupar a écrit :
> > 
> >> Hi!
> >>
> >> I have installed mail server on my lan. Now I would like to redirect 
> >> all lan users to use that mail server as smtp (similar as transparent 
> >> proxy with squid). How do I do that smtp redirection?
> >> I was thinking something like:
> >> -------------
> >> iptables -t nat -A PREROUTING -i eth0 -s ! smtp-box -p tcp --dport 25 
> >> -j DNAT --to smtp-box:25
> >> iptables -t nat -A POSTROUTING -o eth0 -s local-network -d smtp-box -j 
> >> SNAT --to iptables-box
> >> iptables -A FORWARD -s local-network -d smtp-box -i eth0 -o eth0 -p 
> >> tcp --dport 25 -j ACCEPT
> >> --------------
> >> Is this correct?
> >>
> >> Regards,
> >> Sasa
> >>
> > 
> > I forgot some more infos:
> > running on FC3 with sendmail. This is also a router with 2 NIC
> > installed: one for internet and one for LAN.
> > 
> > Sasa
> 
> Solved. It is working as I have mentioned above.
> 
> Sasa
> 
> 

[-- Attachment #2: To je digitalno podpisani del sporočila --]
[-- Type: application/pgp-signature, Size: 189 bytes --]