From: "Örjan Persson" <orange@fobie.net>
To: netfilter@lists.netfilter.org
Subject: Re: TCP redirect external to external host
Date: Tue, 9 Dec 2003 20:31:10 +0100
Message-ID: <20031209193110.GA17111@fobie.net>
In-Reply-To: <1070997211.2880.4.camel@pepelui.baicom.com>
Alexis (..@..com) wrote:
> in fact if you do
>
> iptables -t nat -A PREROUTING -d host1 -p tcp --dport 33 -j DNAT --to host2:44
>
> it keeps the original sender ip.
>
> if you want to change the sender ip to host1:33 you need to do this
> doing a POSTROUTING rule to do SNAT in this connection.
>
> I hope it helps
>
> please read
> http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html

Thanks for taking the time to answer!

Yes, I've read that manual a few times by now but I still don't really
understand what's going wrong. If I just use the rule you sent above, a
connection with telnet is just "hanging".

If I add the SNAT-rule it works, but the sender's IP will be altered to
host1 (the first server).

iptables -t nat -A PREROUTING -p tcp --dport 33 -i eth0 -j DNAT --to host2:44
iptables -t nat -A POSTROUTING -d host2 -p tcp --dport 25 -j SNAT --to host1

Why I want this is because I'm moving one SMTP to another location. So
from the postfix logs I get this:

Dec 9 19:27:56 mail postfix/smtpd[20692]: connect from host1[x.x.x.x]

host1 shouldn't be there, the original sender should.

I'm clueless. :(
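
The two behaviours reported in this message, modelled as an added example (not part of the original post and not netfilter code). It assumes host2 is an external host that routes its replies straight to the client unless the packet's source was rewritten to host1; the addresses and the client port are constructed placeholders.

```python
# Added model of the packet flow discussed above; not netfilter code.
# Addresses are constructed placeholders; ports 33 and 44 come from the quoted rule.
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

CLIENT, HOST1, HOST2 = "198.51.100.7", "192.0.2.1", "203.0.113.2"

def forward(pkt: Pkt, snat: bool) -> Pkt:
    """What host1 sends on: PREROUTING DNAT, then optional POSTROUTING SNAT."""
    out = pkt._replace(dst=HOST2, dport=44)
    if snat:
        out = out._replace(src=HOST1)
    return out

def reply_seen_by_client(pkt: Pkt, snat: bool):
    """Return (reply packet arriving at the client, peer address host2 logs)."""
    at_host2 = forward(pkt, snat)
    reply = Pkt(at_host2.dst, at_host2.dport, at_host2.src, at_host2.sport)
    if reply.dst == HOST1:
        # Reply returns through host1, whose conntrack entry undoes both NATs.
        reply = Pkt(HOST1, 33, pkt.src, pkt.sport)
    # Otherwise (assumption) host2 routes straight to the client, untranslated.
    return reply, at_host2.src

def client_accepts(orig: Pkt, reply: Pkt) -> bool:
    """TCP matches a reply only on the reversed 4-tuple of the connection."""
    return reply == Pkt(orig.dst, orig.dport, orig.src, orig.sport)

if __name__ == "__main__":
    syn = Pkt(CLIENT, 40000, HOST1, 33)
    for snat in (False, True):
        reply, logged = reply_seen_by_client(syn, snat)
        print(f"snat={snat}: host2 logs {logged}, "
              f"client accepts reply: {client_accepts(syn, reply)}")
```

With DNAT alone host2 sees the real client address, but its reply arrives from host2:44 instead of host1:33 and the client never matches it to the connection; with SNAT the reply returns through host1 and is accepted, at the cost of host2 logging host1 as the peer.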