From: Alexandru Dragoi <alex@zoomnet.ro>
To: Andrea Bencini <andrea.bencini@tin.it>
Cc: netfilter@lists.netfilter.org
Subject: Re: Redirect-pop3
Date: Fri, 30 Jun 2006 21:56:56 +0300
Message-ID: <44A573F8.4050308@zoomnet.ro>
In-Reply-To: <002701c69c69$445db990$0200640a@casa>

Andrea Bencini wrote:

>I have a firewall (iptables) in my network (10.100.0.0/24) with iface eth0 in
>the local network and eth1 in the external network (Internet).
>eth0-->10.100.0.1-->default gateway for my local network.
>My clients download mail (pop3).
>I would like to install p3scan on a Linux server (10.100.0.250) in my
>network. This package listens on port 8110 and scans e-mails with clamav.
>Without changing any configuration on my clients, the firewall should
>redirect all mail download requests (pop3) to p3scan (port 8110); p3scan
>will then download the mails, control them and deliver them to the
>clients.
>Other info:
>Kernel-2.6
>iptables-1.3.0
>Which are the rules that I must implement on the firewall?
>Thanks
>Andrea

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -s 10.100.0.250 -j ACCEPT
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -s 10.100.0.0/24 -j DNAT --to 10.100.0.250:8110
# iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 8110 -s ! 10.100.0.1 -d 10.100.0.250 -j SNAT --to 10.100.0.1

The problem with pop3 is that it is not like HTTP. Requests to pop3
servers do not contain the remote address. The rules above just
redirect requests to 10.100.0.250, but p3scan will probably have a
static setup for which pop3 server to use to make the user/pass checks.
If you change port 110 to port 80 to some squid machine, it will work
for sure for any HTTP request.
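
Added example, not part of the original message: a small Python model of the three nat rules above, run on two constructed packets, showing which addresses reach p3scan after DNAT and SNAT. The packet dictionaries, the egress() routing helper, the client 10.100.0.20 and the server address 203.0.113.25 are assumptions made for the illustration.

```python
# Added example (not from the thread): first-match model of the three nat rules.
# Real iptables consults the nat table only for the first packet of a connection;
# conntrack then applies the same mapping (reversed for replies) to the rest.
from ipaddress import ip_address, ip_network

LAN = ip_network("10.100.0.0/24")          # from the thread
FW, PROXY = "10.100.0.1", "10.100.0.250"   # from the thread

# Constructed sample packets; 203.0.113.25 stands in for an external POP3 server.
CLIENT_PKT = {"in": "eth0", "src": "10.100.0.20", "dst": "203.0.113.25", "dport": 110}
PROXY_PKT = {"in": "eth0", "src": PROXY, "dst": "203.0.113.25", "dport": 110}

def prerouting(pkt):
    """nat PREROUTING, rules 1 and 2."""
    if pkt["in"] != "eth0" or pkt["dport"] != 110:
        return pkt
    if pkt["src"] == PROXY:
        return pkt          # rule 1: ACCEPT, so p3scan's own fetches are not looped back
    if ip_address(pkt["src"]) in LAN:
        return {**pkt, "dst": PROXY, "dport": 8110}   # rule 2: DNAT
    return pkt

def egress(pkt):
    """Hypothetical routing step: LAN destinations leave via eth0, the rest via eth1."""
    return "eth0" if ip_address(pkt["dst"]) in LAN else "eth1"

def postrouting(pkt, out):
    """nat POSTROUTING, rule 3."""
    if out == "eth0" and pkt["dport"] == 8110 and pkt["src"] != FW and pkt["dst"] == PROXY:
        # SNAT: p3scan answers the firewall, which un-NATs the reply for the client.
        return {**pkt, "src": FW}
    return pkt

def traverse(pkt):
    pkt = prerouting(pkt)
    return postrouting(pkt, egress(pkt))

if __name__ == "__main__":
    for name, pkt in (("client", CLIENT_PKT), ("p3scan", PROXY_PKT)):
        print(name, pkt, "->", traverse(pkt))
    # The address the client dialed is absent from what reaches p3scan.
    print("original server visible to p3scan:",
          CLIENT_PKT["dst"] in traverse(CLIENT_PKT).values())
```

After both translations p3scan sees every session as 10.100.0.1 -> 10.100.0.250:8110; the server the client dialed remains only in the firewall's connection-tracking entry, and nothing in the POP3 commands names it.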

