Re: Port forwarding (non-NAT)

[Kristofer <kristofer@cybernetik.net>]

> Huh ? What is that SMTP software which requires tu run one separate 
> daemon for each listening port ? If it can use inetd, you can have it 
> listening on multiple ports even without a single idle daemon running 
> (except inetd itself of course). 

I mis-spoke. What I am using requires me to manually edit configuration files after every single upgrade (annoying), so I'd rather adjust the settings outside of the software (such as iptables) so I can simply have it remain listening on port 25 only and I do not have to edit configuration files to tell it to also listen on port 587. 


> Port forwarding is a form of destination NAT. It can also be done with a 
> TCP relay such as 6tunnel, but the final destination sees only the relay 
> address, not the original source address. Not very convenient for 
> logging or access control. 

I assumed that may be the case.  I'm coming out of a world of IPFW and trying to get a complete grasp on iptables.  It's getting more clear each day. :-)


> > if iptables on the same computer as the smtp server: 
> > 
> > iptables -t nat -A PREROUTING -p tcp --dport 587 -m state --state NEW -d 
> > $IP_OF_MAIL_SERVER -j REDIRECT --to-ports 25 
> > 
> > else: 
> > 
> > iptables -t nat -A PREROUTING -p tcp --dport 587 -m state --state NEW -d 
> > $IP_OF_MAIL_SERVER -j DNAT --to $IP_OF_MAIL_SERVER:25 
> 
> Note that the second rule also works on the server itself. 

I went with the first rule, and it is working thus far.

Thanks!

Kristofer