* Redirect-pop3
From: Andrea Bencini @ 2006-06-30 17:18 UTC (permalink / raw)
To: netfilter
I have a firewall (iptables) in my network (10.100.0.0/24) with iface eth0 in
local network and eth1 in external network (Internet).
eth0-->10.100.0.1-->default gateway for my local network.
My clients download mail (pop3).
I would like to install p3scan on a Linux server (10.100.0.250) in my network.
This package listens on port 8110 and scans e-mails with clamav.
Without changing any configuration on my clients, the firewall should
redirect all mail download requests (pop3) to p3scan (port 8110); after that,
p3scan will download the mails, control them and deliver them to the
clients.
Other info:
Kernel-2.6
iptables-1.3.0
Which are the rules that I must implement on the firewall?
Thanks
Andrea
* Re: Redirect-pop3
From: Alexandru Dragoi @ 2006-06-30 18:56 UTC (permalink / raw)
To: Andrea Bencini; +Cc: netfilter
Andrea Bencini wrote:
>I have a firewall (iptables) in my network (10.100.0.0/24) with iface eth0 in
>local network and eth1 in external network (Internet).
>eth0-->10.100.0.1-->default gateway for my local network.
>My clients download mail (pop3).
>I would like to install p3scan on a Linux server (10.100.0.250) in my network.
>This package listens on port 8110 and scans e-mails with clamav.
>Without changing any configuration on my clients, the firewall should
>redirect all mail download requests (pop3) to p3scan (port 8110); after that,
>p3scan will download the mails, control them and deliver them to the
>clients.
>Other info:
>Kernel-2.6
>iptables-1.3.0
>Which are the rules that I must implement on the firewall?
>Thanks
>Andrea
>
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -s 10.100.0.250 -j ACCEPT
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -s 10.100.0.0/24 -j DNAT --to 10.100.0.250:8110
# iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 8110 -s ! 10.100.0.1 -d 10.100.0.250 -j SNAT --to 10.100.0.1
The problem with pop3 is that it is not like HTTP. Requests to pop3
servers do not contain the remote address. The rules above just
redirect requests to 10.100.0.250, but p3scan will probably have a
static setup for which pop3 server to use to make the user/pass checks.
If you change port 110 to port 80 to some squid machine, it will work
for sure for any HTTP request.
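Added example, not part of the original thread: a small Python model of the three nat rules in the reply, run over constructed packets. It shows that every redirected connection reaches p3scan as 10.100.0.1 -> 10.100.0.250:8110, so neither the POP3 server the client intended nor the client's own address is visible to the scanner. The function names and the sample server addresses are assumptions for illustration, and only the three posted rules are modelled.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.100.0.0/24")
FW, SCANNER = ip_address("10.100.0.1"), ip_address("10.100.0.250")

def prerouting(pkt):
    """nat PREROUTING: first matching rule wins (rules 1 and 2 of the reply)."""
    if pkt["in"] != "eth0" or pkt["dport"] != 110:
        return pkt
    if pkt["src"] == SCANNER:        # rule 1: ACCEPT, p3scan's own fetches pass untouched
        return pkt
    if pkt["src"] in LAN:            # rule 2: DNAT --to 10.100.0.250:8110
        return {**pkt, "dst": SCANNER, "dport": 8110}
    return pkt

def route(pkt):
    """Output interface after PREROUTING: LAN destinations leave via eth0."""
    return "eth0" if pkt["dst"] in LAN else "eth1"

def postrouting(pkt, out_if):
    """nat POSTROUTING: rule 3, SNAT so p3scan's replies return via the firewall."""
    if (out_if == "eth0" and pkt["dport"] == 8110
            and pkt["dst"] == SCANNER and pkt["src"] != FW):
        return {**pkt, "src": FW}
    return pkt

def traverse(src, dst, dport=110):
    """Return (src, dst, dport) as the packet looks when it leaves the firewall."""
    pkt = {"in": "eth0", "src": ip_address(src),
           "dst": ip_address(dst), "dport": dport}
    pkt = prerouting(pkt)
    pkt = postrouting(pkt, route(pkt))
    return str(pkt["src"]), str(pkt["dst"]), pkt["dport"]

# Constructed sample traffic: two clients using two different POP3 servers
# (documentation-range addresses), plus p3scan's own outbound fetch.
SAMPLES = [("10.100.0.5", "192.0.2.10"),
           ("10.100.0.6", "198.51.100.20"),
           ("10.100.0.250", "192.0.2.10")]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src} -> {dst}:110 leaves the firewall as {traverse(src, dst)}")
```

The first two samples come out identical, so p3scan cannot tell which upstream server each client wanted, and its logs will show the firewall address as the source of every session.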