Re: NAT for locahost to IP LAN for mail services

[Pascal Hambourg <pascal.mail@plouf.fr.eu.org>]

Zagato a écrit :
> Hi.... im trying to forward the conecction to mail services like smtp(
> port 25) from one pc to another, im using:
> 
> _mail_services=25,110,143,995,993
> _mailserver=192.168.0.3
> iptables -t mangle -A ftolocal -p tcp -m multiport --destination-ports
> $_mail_services -j MARK --set-mark 1
> iptables -t nat -A ftolocal -p tcp -m multiport --destination-ports
> $_mail_services -j DNAT --to-destination 192.168.0.3
> 
> where ftolocal its a chain name for mangle and nat...
> 
> the ip addres source it's 192.168.0.5 and i want to send localhost
> connections to 192.168.0.3...
> when i use the lines above i can:
> telnet 192.168.0.5 25
> and it works... giving me:
> Trying 192.168.0.5...
> Connected to beta.gps.com.co (192.168.0.5).
> Escape character is '^]'.
> 220 alpha.gps.com.co ESMTP Postfix
> 
> But when i use:
> telnet localhost 25 or telnet 127.0.0.1 25 tha must be equal i get..
> Trying 127.0.0.1...
> and statys there forever.....

The difference may lie in the source address. When you send a packet to 
a local address (127.0.0.0/8, 192.168.0.5) and don't set an explicit 
source address (with -b in telnet), the linux kernel selects the same 
local address for the source address. After matching the DNAT rule, 
packets are rerouted to the network interface through which the new 
destination can be reached instead of the loopback interface. However 
the kernel routing prohibits sending packets with a loopback address to 
a non loopback interface, i.e. outside the host. So packets with source 
address 192.168.0.5 are sent out, but packets with source address 
127.0.0.1 are discarded. An additional SNAT rule wouldn't help here 
because it would take place after the packet has been discarded.