From: Alexander Samad <alex@samad.com.au>
To: netfilter@lists.netfilter.org
Subject: Re: Redirecting outgoing SMTP from LAN to another LAN server
Date: Fri, 30 Apr 2004 08:23:26 +1000
Message-ID: <20040429222326.GA15804@samad.com.au>
In-Reply-To: <20040429144757.GA6534@zion.homelinux.com>


On Thu, Apr 29, 2004 at 04:47:57PM +0200, Sven Schuster wrote:
> On Thu, Apr 29, 2004 at 11:37:57PM +1000, Alexander Samad told us:
> > On Thu, Apr 29, 2004 at 10:59:49AM +0100, Gavin Hamill wrote:
> > > Hullo :)
> > > 
> > > I'd like to do $SUBJECT, but after much playing with commands like
> > > 
> > > iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 25 -j DNAT --to 10.0.0.253:25
> > 
> > what about 
> > 
> > iptables -t nat -A PREROUTING -p tcp -i eth1 -s ! 10.0.0.253  --dport 25 -j DNAT --to 10.0.0.253:25
> > 
> > I presume 10.0.0.253 is also on eth1.
> > 
> 
> The problem here might be that both the client and the server are on 
> the same physical network. This means
> 
> So assume we have a client (10.0.0.1) which wants to connect to a
> mail server (12.34.56.78) on the internet. So you DNAT the request to
> your internal mail server 10.0.0.253 at the firewall. Your internal
> mail server gets the request but will try to directly talk to the
> client, as in the packet the sender is still the original IP address.
> (sorry if this is hard to understand, I'm not really good at
> explaining things :) So you will additionally need a SNAT rule on
> your firewall, something like
> 
> iptables -t nat -A POSTROUTING -p tcp -o eth1 -s 10.0.0.0/8 \
>    -d 10.0.0.253 --dport 25 -j SNAT --to 10.0.0.xx

yeap, forgot about that
> 
> where xx would be the ip of your firewall. Now both the packets
> from the client to the server and the returning packets from the
> server to the client will travel through your firewall.
> 
> 
> HTH
> 
> Sven
> 
> > 
> 
> > > 
> > > I have given up and have come to you fine people for help...
> > > 
> > > My LAN is on eth1, with WAN on eth0. The gateway machine is 10.0.0.254 doing masq for 
> > > LAN clients, but I'd like to send any outgoing SMTP connections to 10.0.0.253 - alas 
> > > any time I've tried, I just end up killing ALL outgoing SMTP :(
> > > 
> > > Any suggestions warmly received!
> > > 
> > > Cheers,
> > > Gavin.
> > > 
> > > 
> 
> 
> 
> -- 
> Linux zion 2.6.6-rc1 #1 Sat Apr 17 11:50:12 CEST 2004 i686 athlon i386 GNU/Linux
>  16:37:12  up 8 days, 21:26,  1 user,  load average: 0.01, 0.01, 0.00
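
The return-path problem Sven describes, as an added example that is not part of the original thread: a small Python model of the firewall's DNAT and SNAT steps showing what source address the client sees on the reply with and without the POSTROUTING rule. The `Firewall` class, the client source port 40000 and the simplified connection-tracking table are assumptions made for illustration; the model rewrites only the source address, and it is not netfilter code.

```python
"""Constructed model of the same-LAN DNAT case from this thread (added example)."""
from dataclasses import dataclass, replace

# Addresses taken from the thread; the client port below is a constructed value.
CLIENT, MAILSRV, FIREWALL, REMOTE = "10.0.0.1", "10.0.0.253", "10.0.0.254", "12.34.56.78"

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Hypothetical stand-in for the nat table plus connection tracking."""
    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # tuple of the expected reply -> reply as the client must see it

    def forward(self, p):
        out = p
        if p.dport == 25 and p.src != MAILSRV:   # PREROUTING: DNAT, mail server excluded
            out = replace(out, dst=MAILSRV)
        if self.snat and out.dst == MAILSRV:     # POSTROUTING: SNAT to the firewall address
            out = replace(out, src=FIREWALL)
        # Record how to undo both rewrites when the reply comes back through us.
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = Pkt(p.dst, p.dport, p.src, p.sport)
        return out

    def reply(self, r):
        return self.conntrack.get((r.src, r.sport, r.dst, r.dport))

def connect(snat):
    """Return (client_accepts_reply, source address the client sees on the reply)."""
    fw = Firewall(snat)
    syn = Pkt(CLIENT, 40000, REMOTE, 25)
    at_server = fw.forward(syn)
    synack = Pkt(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if synack.dst == FIREWALL:
        seen = fw.reply(synack)   # reply returns via the firewall, rewrites are undone
    else:
        seen = synack             # same LAN: server answers the client directly
    # The client's TCP stack only accepts a reply from the peer it dialled.
    return (seen.src, seen.sport) == (syn.dst, syn.dport), seen.src

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", connect(snat))
```

Without the SNAT step the reply arrives from 10.0.0.253 instead of 12.34.56.78, so the client does not match it to its connection; with it, the firewall sees both directions and restores the original addresses.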





Thread overview: 9+ messages
2004-04-29  9:59 Redirecting outgoing SMTP from LAN to another LAN server Gavin Hamill
2004-04-29 13:37 ` Alexander Samad
2004-04-29 14:47   ` Sven Schuster
2004-04-29 22:23     ` Alexander Samad [this message]
2004-04-30 12:28     ` Gavin Hamill
2004-05-13 12:46     ` Gavin Hamill
2004-05-13 13:42       ` Antony Stone
2004-05-15 11:42         ` Micha Silver
2004-05-15 12:27           ` Gavin Hamill
