From: "Örjan Persson" <orange@fobie.net>
To: netfilter@lists.netfilter.org
Subject: Re: TCP redirect external to external host
Date: Tue, 9 Dec 2003 20:31:10 +0100
Message-ID: <20031209193110.GA17111@fobie.net>
In-Reply-To: <1070997211.2880.4.camel@pepelui.baicom.com>
Alexis (..@..com) wrote:
> in fact if you do
>
> iptables -t nat -A PREROUTING -d host1 -p tcp --dport 33 -j DNAT --to host2:44
>
> it keeps the original sender ip.
>
> if you want to change the sender ip to host1:33 you need to do this
> doing a POSTROUTING rule to do SNAT in this connection.
>
> I hope it helps
>
> please read
> http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html
Thanks for taking the time to answer!

Yes, I've read that manual a few times by now but I still don't really
understand what's going wrong. If I just use the rule you sent above, a
connection with telnet is just "hanging".

If I add the SNAT-rule it works, but the sender's IP will be altered to
host1 (the first server).

iptables -t nat -A PREROUTING -p tcp --dport 33 -i eth0 -j DNAT --to host2:44
iptables -t nat -A POSTROUTING -d host2 -p tcp --dport 25 -j SNAT --to host1

Why I want this is because I'm moving one SMTP to another location. So
from the postfix logs I get this:

Dec 9 19:27:56 mail postfix/smtpd[20692]: connect from host1[x.x.x.x]

host1 shouldn't be there, the original sender should.

I'm clueless. :(
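
Added example, not part of the original message: a simplified Python model of one TCP handshake through host1's nat table, showing what each side sees with and without the SNAT rule. It assumes host2 routes its replies straight to the client rather than back through host1; the addresses and the client port are constructed, and ports 33 and 44 are the ones in the post.

```python
# Constructed addresses from the documentation ranges (assumption, not from the post).
CLIENT, HOST1, HOST2 = "198.51.100.7", "192.0.2.1", "203.0.113.2"


def forward(use_snat):
    """Trace a SYN and its SYN/ACK through host1 (simplified conntrack model)."""
    cport = 40000  # constructed ephemeral client port
    syn = {"src": (CLIENT, cport), "dst": (HOST1, 33)}
    expected_peer = syn["dst"]  # client socket only accepts replies from host1:33

    # PREROUTING DNAT on host1: only the destination is rewritten.
    pkt = {"src": syn["src"], "dst": (HOST2, 44)}
    # POSTROUTING SNAT on host1 (optional): the source becomes host1.
    if use_snat:
        pkt["src"] = (HOST1, cport)
    host2_sees = pkt["src"][0]  # the address postfix logs in "connect from"

    # host2 answers the source address it saw.
    reply = {"src": pkt["dst"], "dst": pkt["src"]}
    if reply["dst"][0] == HOST1:
        # Reply passes through host1, which reverses both translations.
        reply = {"src": (HOST1, 33), "dst": (CLIENT, cport)}
    # Otherwise the reply bypasses host1 (assumed routing) and is never
    # translated back, so it arrives with host2:44 as its source.

    established = reply["src"] == expected_peer and reply["dst"] == syn["src"]
    return {
        "host2_sees": host2_sees,
        "client_gets_reply_from": reply["src"],
        "established": established,
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", forward(snat))
```

In this model the DNAT-only case never completes the handshake because the client receives a reply from host2:44 instead of host1:33, while the SNAT case completes but host2 logs host1 as the peer.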