From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: "DNAT" w/o changing source address?
Date: Thu, 04 Oct 2007 10:29:41 -0500
Message-ID: <470506E5.6030605@riverviewtech.net>
In-Reply-To: <1191510830.13379.73.camel@localhost.localdomain>

On 10/04/07 10:13, John Madden wrote:
> Sure. But they could easily be on the same subnet.

Ok. So long as the NATing system can be connected to both subnets /
VLANs I don't think this will be a problem. If it is a problem, you may
have to put both systems on the same subnet.

> Right. What I want instead is for the NAT box to change the
> destination IP to direct the flow to the mail server. I don't care
> where the reply traffic goes (back through the NAT box is fine), I
> just need to maintain the source IP's (which implies not going back
> through the NAT, but rather directly back to the real client) to
> avoid confusion, make proper use of RBL's, etc.

This is why SNATing will not work. You will have to do something
fancier. Like I alluded to in my previous message, I think you could do
this with bridging and EBTables.

> Imagine troubleshooting Outlook POP3 clients when everyone's coming
> from the same IP.... *shudder*...

*NO*, I will not think about such horror, shame on you for even
suggesting it!

> The box does run Linux, but let's assume it doesn't. I really don't
> want to be horking with that machine in this manner.

Understood.

> The idea is that when users hit "mail.ivytech.edu" in their browsers,
> they get the web mail client. When they hit that same address with
> their SMTP clients, they'll talk to the MTA. LVS allows you to do
> this transparently and I assumed the same could be done with iptables
> -- that's all I'm trying to accomplish here.

LVS is not using traditional routing and as such you need to use
something beyond that.

> If the box could just modify the headers to change the destination IP
> and drop the packets back on the wire without any change to the
> source IP happening, I think I'd be happy.

Do you need to even change the destination IP if you can somehow get the
traffic over to the mail server? I'm still thinking bridging and
EBTables. I'll think about this and get back to you with a proposed
solution.

Grant. . . .