From: "Tóth Nándor" <nug@sch.bme.hu>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] iproute2 + netfilter problem
Date: Sat, 15 Jan 2005 11:11:19 +0000
Message-ID: <41E8FA57.8070608@sch.bme.hu>
In-Reply-To: <000801c4fa41$f5c80080$02c0a8c0@sazhost>
Hi,
saz wrote:
> Hi guys, i have a problem with a configuration what i'm trying to do.
> I have two computers with linux, A and B, connected in the same network
> with this configuration:
>
> PC1 A: 192.168.192.1
>
> PC2 B: 192.168.192.30
>
> The PC1 A is a firewall doing nat... this one is connected to the
> internet via an adsl modem and of course it has its own public ip, and
> the router B is a smtp server but connected behind the router A, what
> i'm trying to do is redirect the smtp incoming traffic of the router A
> to the router B using iproute2 and netfilter tools
>
> This is the configuration on the router A:
>
> *iptables -t mangle -A POSTROUTING -p tcp --dport 25 -j MARK --set-mark
> 1* ( this marks the smtp packets with 1 )
>
> i create a table called "smtp" in the rt_tables file.
>
> *ip rule add fwmark 1 table smtp* ( this is the rule for my table smtp )
>
> and finally i declare a via in my smtp table, so the smtp traffic would
> have to go by this way.
>
> *ip route add default via 192.168.192.30 table smtp*
>
> Ok... for example if i make a telnet to PC1 on the 25 port.. this should
> redirect me to PC2 where is my real smtp server, but is not
> working... any idea of why ? the PC2 have not a firewall..

I think you totally misunderstood a few things. Routing is a different
layer (IP) than port 25 (smtp, TCP). You can not make tcp port 25
redirect using routing tools.

Here is an example of how to do it.

    # Rewrite the destination of inbound SMTP to the internal mail server
    $IPTABLES -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -s $ANYWHERE \
        -p tcp --dport 25 -j DNAT --to-destination 192.168.1.x:25
    # Let the rewritten connections through the FORWARD chain
    $IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -p TCP -s $ANYWHERE \
        --sport $UNPRIVPORTS -d 192.168.1.x --dport 25 -j ACCEPT

I recommend you to read a book about basic networking layers and/or
iptables.

--
Regards,
Nandor
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
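
An added example, not part of the thread or written by either poster: the DNAT approach from the reply, filled in for the addresses in the question and narrowed to one host and port with connection tracking. The interface name `ppp0`, the `APPLY` dry-run switch and the helper function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. EXT_IF is an assumed interface name;
# MAIL_HOST is PC2 B's address from the question. Prints the commands by
# default; run as root with APPLY=1 to execute them on router A.
EXT_IF="${EXT_IF:-ppp0}"
MAIL_HOST="${MAIL_HOST:-192.168.192.30}"
SMTP_PORT=25

# Echo the command unless APPLY=1, so the rule set can be reviewed first.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Accept only a literal dotted quad (rejects placeholders such as 192.168.1.x).
is_ipv4() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

smtp_forward_rules() {
    is_ipv4 "$MAIL_HOST" || { echo "bad MAIL_HOST: $MAIL_HOST" >&2; return 1; }
    # Router A has to forward packets between its interfaces at all.
    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite the destination in nat/PREROUTING, i.e. before the routing
    # decision, so ordinary routing then delivers the packet to the mail host.
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$SMTP_PORT" \
        -j DNAT --to-destination "$MAIL_HOST:$SMTP_PORT"
    # Admit only new SMTP connections to that one host and port ...
    run iptables -A FORWARD -i "$EXT_IF" -d "$MAIL_HOST" -p tcp \
        --dport "$SMTP_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # ... and let conntrack pass the rest of each admitted connection.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

smtp_forward_rules
```

The mail host's replies have to route back through router A so the NAT mapping can be reversed, and the PREROUTING rule only matches packets arriving on `EXT_IF`.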