* sendmail redirect
From: Julio Cesar Ody @ 2002-10-29 11:47 UTC
To: netfilter
Hello. I need to redirect all mail traffic that enters a gateway to an
email server inside the same LAN. Here's the scenario:
                |----------------|        |----------------------|
internet <--->  | gate(10.0.0.1) | ------ | mailserver(10.0.0.2) |
                |----------------|        |----------------------|
"gate" is the only machine with a real ip, so, from outside this LAN,
people will refer to it in order to fetch their email. So my question
is: What rules do I need to use in order to make "gate" pass the mail
tasks to "mailserver" (receive smtp/pop requests) ? Thanks in advance.
Julio Cesar Ody
* Re: sendmail redirect
From: Antony Stone @ 2002-10-29 13:59 UTC
To: netfilter
On Tuesday 29 October 2002 11:47 am, Julio Cesar Ody wrote:
> Hello. I need to redirect all mail traffic that enters a gateway to an
> email server inside the same LAN. Here's the scenario:
>
>                 |----------------|        |----------------------|
> internet <--->  | gate(10.0.0.1) | ------ | mailserver(10.0.0.2) |
>                 |----------------|        |----------------------|
>
> "gate" is the only machine with a real ip, so, from outside this LAN,
> people will refer to it in order to fetch their email. So my question
> is: What rules do I need to use in order to make "gate" pass the mail
> tasks to "mailserver" (receive smtp/pop requests) ?
Your request is slightly confusing, since in the first sentence you refer to
"an email server inside the *same* LAN", suggesting that the requests are
coming from the LAN as well, and then in the rest of the question you talk
about people outside the LAN getting access to it for both SMTP and POP3.
You should be aware that the answers to these two are very different -
providing external access from the Internet is much simpler than redirecting
internal requests to a server on the same subnet as the client, so I'm going
to assume in this answer that you only need external access via the public
IP. Internal access via the private IP 10.0.0.2 will still work fine.
So, here's what you do:
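iptables -P INPUT DROP
iptables -P FORWARD DROP
# DNAT is only valid in the nat table, so the PREROUTING rules need -t nat
iptables -t nat -A PREROUTING -d a.b.c.d -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2
iptables -t nat -A PREROUTING -d a.b.c.d -p tcp --dport 110 -j DNAT --to-destination 10.0.0.2
# Let reply packets through, then the translated SMTP (25) and POP3 (110) connections
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d 10.0.0.2 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -d 10.0.0.2 -p tcp --dport 110 -j ACCEPT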
Where a.b.c.d is the external address of your gateway machine.
If you don't understand why these rules will do what you want, just ask.
Antony.
--
If at first you don't succeed, destroy all the evidence that you tried.
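
The reply above pairs every DNAT rule with a FORWARD accept for the translated address and port under a DROP policy. The script below is an added example, not part of either message: it audits an iptables-save dump for DNAT rules that lack that matching accept. The helper name audit_dnat, the sample dump and the address 203.0.113.10 (standing in for a.b.c.d) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for DNAT rules lacking a FORWARD accept.
# Constructed sample: 203.0.113.10 stands in for a.b.c.d; the port-110 FORWARD
# rule is left out on purpose so the audit has something to report.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.2
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 110 -j DNAT --to-destination 10.0.0.2
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 10.0.0.2/32 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT'

# audit_dnat (hypothetical helper): iptables-save text on stdin, findings on stdout.
audit_dnat() {
  awk '
    # Value following option "name" on the current rule line, or "".
    function opt(name,   i) {
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    /^\*/ { table = substr($1, 2); next }
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    table == "nat" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
      dst = opt("--to-destination"); port = opt("--dport")
      # A DNAT that also rewrites the port is filtered on the new port.
      if (split(dst, p, ":") == 2) { dst = p[1]; port = p[2] }
      want[dst " " port] = 1; next
    }
    table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
      if ($0 ~ /ESTABLISHED/) replies = 1
      dst = opt("-d"); sub(/\/32$/, "", dst)
      have[dst " " opt("--dport")] = 1
    }
    END {
      if (policy != "DROP") print "WARN FORWARD policy is " policy ", not DROP"
      if (!replies) print "WARN no ESTABLISHED,RELATED accept in FORWARD"
      for (k in want) if (!(k in have)) print "MISSING FORWARD accept for " k
    }
  ' | sort
}

printf '%s\n' "$SAMPLE_RULES" | audit_dnat
```

On a live gateway the same function can read the running ruleset with `iptables-save | audit_dnat`.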