From: Micha Silver <micha@arava.co.il>
To: netfilter@lists.netfilter.org
Subject: Re: Redirecting outgoing SMTP from LAN to another LAN server
Date: Sat, 15 May 2004 14:42:21 +0300
Message-ID: <40A6021D.9030201@arava.co.il>
In-Reply-To: <200405131442.24566.Antony@Soft-Solutions.co.uk>

Antony Stone wrote:
> On Thursday 13 May 2004 1:46 pm, Gavin Hamill wrote:
>
>
>>This is just a final followup to say thanks for the advice, and to report
>>on the final solution.
>>
>>eth0 is the 0utside, and eth1 is the 1nside (that's what I use to stop
>>confusing myself...) and 10.0.0.254 is the firewall and default gateway for
>>all LAN machines
>>
>>$ iptables -t nat -A PREROUTING -p tcp -i eth1 -s ! 10.0.0.253 --dport 25
>>-j DNAT --to 10.0.0.253:25
>>$ iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.0/24 -d 10.0.0.253
>>--dport 25 -j SNAT --to 10.0.0.254
>>
>>This way, LAN users trying to connect directly to an external mail server
>>get sent to the MTA on 10.0.0.253, and 10.0.0.253 itself still has full
>>access to 'real' port 25 in order that it can deliver mails! :)
>>

Gavin:
Why would your LAN users ever need to send SMTP to anywhere other
than your MTA? With the above rules aren't you allowing an 1nside (I
like that 0 1 idea!) computer, infected with a worm to propagate the
virus?
I apologize if I missed something in your original post that
explains this.
--Micha

>>Cheers,
>>Gavin.
>
>
> I'd just like to say that it's very nice to see a posting like this here,
> showing the working solution (together with an explanation of why it works,
> and exactly what it does), since this sort of thing is very useful to people
> searching the archives in future.
>
> Finding a working solution which someone has bothered to document is much more
> helpful than finding someone with a similar problem, and having to go through
> half the same effort of solving it, so thanks Gavin for providing this info.
>
> Regards,
>
> Antony.
>
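
A small model of the two NAT rules quoted in this message, showing what happens to a LAN client's direct SMTP connection and to the MTA's own outbound mail. This is an added example, not part of the thread; it only mimics the rule matches, and the addresses 10.0.0.57 and 203.0.113.25 are constructed.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

MTA = ip_address("10.0.0.253")       # internal MTA (from the thread)
FIREWALL = ip_address("10.0.0.254")  # firewall / default gateway (from the thread)
LAN = ip_network("10.0.0.0/24")

@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrived on
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

def prerouting(p):
    """-t nat PREROUTING -p tcp -i eth1 -s ! 10.0.0.253 --dport 25 -j DNAT --to 10.0.0.253:25"""
    if p.proto == "tcp" and p.in_if == "eth1" and ip_address(p.src) != MTA and p.dport == 25:
        return replace(p, dst=str(MTA), dport=25)
    return p

def postrouting(p):
    """-t nat POSTROUTING -p tcp -s 10.0.0.0/24 -d 10.0.0.253 --dport 25 -j SNAT --to 10.0.0.254"""
    if p.proto == "tcp" and ip_address(p.src) in LAN and ip_address(p.dst) == MTA and p.dport == 25:
        return replace(p, src=str(FIREWALL))
    return p

def traverse(p):
    """Apply the two rules in netfilter order for a forwarded packet."""
    return postrouting(prerouting(p))

# Constructed sample packets; 10.0.0.57 and 203.0.113.25 are made-up addresses.
SAMPLES = {
    "LAN client -> external SMTP": Packet("eth1", "10.0.0.57", "203.0.113.25", 25),
    "MTA -> external SMTP": Packet("eth1", "10.0.0.253", "203.0.113.25", 25),
    "LAN client -> external HTTP": Packet("eth1", "10.0.0.57", "203.0.113.25", 80),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        out = traverse(pkt)
        print(f"{label}: {pkt.src} -> {pkt.dst}:{pkt.dport}  becomes  "
              f"{out.src} -> {out.dst}:{out.dport}")
```

Because of the SNAT rule, the MTA sees every redirected connection as coming from 10.0.0.254, so the originating LAN client has to be identified on the firewall rather than in the MTA's logs.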