* MASQUERADE MAIL SERVER
@ 2009-07-23 17:02 Wilbert J. Rojas O.
2009-07-23 17:40 ` Jorge Dávila
2009-07-23 18:29 ` Michele Petrazzo - Unipex
0 siblings, 2 replies; 6+ messages in thread
From: Wilbert J. Rojas O. @ 2009-07-23 17:02 UTC (permalink / raw)
To: netfilter
Hello,
My network configuration is this:

ISP
 |
 |
 |
 | eth0 200.9.190.20   eth0:1 200.9.190.21   eth0:2 200.9.190.23
 |                     eth0:3 200.9.190.24   eth0:4 200.9.190.25
LINUX BOX
 | eth1 10.24.54.1/32
 |
 |
LAN 10.24.54.0/24 gw 10.24.54.1
 |
 |
MAIL SERVER 10.54.24.96/32 gw 10.24.54.1

All machines get out to the Internet through my Linux box, including my
mail server, but I want the mail server to get out to the Internet with a
different public IP address, like 200.9.190.25, and all the rest of my
network to get out through 200.9.190.20.

The rules I have applied are like this, but I don't know how to do that:

/sbin/iptables -t nat -A PREROUTING -i eth1 -s 10.24.54.0/255.255.255.0 -d 0/0 -p tcp --dport 80 -j REDIRECT --to-port 8080
/sbin/iptables -t nat -A PREROUTING -i eth1 -s 10.24.54.0/255.255.255.0 -d 0/0 -p tcp --dport 8080 -j REDIRECT --to-port 8080

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 200.9.190.20 --dport 25 -j DNAT --to-destination 10.24.54.96:25
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 200.9.190.20 --dport 110 -j DNAT --to-destination 10.24.54.96:110
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 200.9.190.20 --dport 143 -j DNAT --to-destination 10.24.54.96:143

Any help or suggestions?
Regards.
================================
Ing. Wilbert José Rojas Ochoa.
Administrador de Sistemas
Ideay ~ Equipos y Sistemas.
Managua, Nicaragua.
Telf. +(505) 2277-4000 Ext: 115.
Fax +(505) 2277-4411.
USA: +(305) 735-8364.
Cel. +(505) 8883-2877.
================================
* Re: MASQUERADE MAIL SERVER
From: Jorge Dávila @ 2009-07-23 17:40 UTC (permalink / raw)
To: Wilbert J. Rojas O.; +Cc: netfilter
Good morning,
You need to accomplish something similar to this:
http://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS
Best regards,
Jorge Dávila.
--
Jorge Isaac Dávila López
+505 8430 5462
jorgedavilalopez@gmail.com
---
This land is Linux. On quiet nights you can hear the
Windows machines rebooting...
* Re: MASQUERADE MAIL SERVER
From: Wilbert J. Rojas O. @ 2009-07-23 18:15 UTC (permalink / raw)
To: Jorge Dávila; +Cc: netfilter
Thanks, but I have only one Internet provider. I was trying with SNAT
and DNAT, but I failed with these rules:

iptables -t nat -A PREROUTING -p all -d 200.9.190.25 -i eth0 -j DNAT --to 10.24.54.96
iptables -t nat -A POSTROUTING -p all -d 10.24.54.96 -o eth0 -j SNAT --to 200.9.190.25

From the mail server I enter this URL in my web browser,
http://www.cualesmiip.com/, and it always gets out to the Internet through
200.9.190.20 and not through 200.9.190.25.

Any idea?

Regards
================================
Ing. Wilbert José Rojas Ochoa.
Administrador de Sistemas
Ideay ~ Equipos y Sistemas.
Managua, Nicaragua.
Telf. +(505) 2277-4000 Ext: 115.
Fax +(505) 2277-4411.
USA: +(305) 735-8364.
Cel. +(505) 8883-2877.
================================
* Re: MASQUERADE MAIL SERVER
From: Jorge Dávila @ 2009-07-23 18:27 UTC (permalink / raw)
To: Wilbert J. Rojas O.; +Cc: netfilter
According to RFC 3330, the address range
10.0.0.0 - 10.255.255.255
is a private address range.
Jorge Dávila.
--
Jorge Isaac Dávila López
+505 8430 5462
jorgedavilalopez@gmail.com
---
This land is Linux. On quiet nights you can hear the
Windows machines rebooting...
* Re: MASQUERADE MAIL SERVER
From: Michele Petrazzo - Unipex @ 2009-07-23 18:29 UTC (permalink / raw)
To: Wilbert J. Rojas O.; +Cc: netfilter
Wilbert J. Rojas O. wrote:
> Hello,
>
> My Network configuration is that:
>
>
> ISP
> |
> |
> |
> | *eth0 200.9.190.20* *eth0:1* 200.9.190.21 *eth0:2* 200.9.190.23
> *eth0:3* 200.9.190.24 *eth0:4* 200.9.190.25
> LINUX BOX
Why this and not only a unique network card with more than one address,
and not more than one alias?
for i in 21 22 23 24 25 ; do
    ip addr add 200.9.190.$i/? dev eth0
done
> | *eth1 10.24.54.1/32*
> |
> |
> LAN 10.24.54.0/24 gw 10.24.54.1
> |
> |
> MAIL SERVER 10.54.24.96/32 gw 10.24.54.1
>
You cannot have 10.54.24.96/32. This is a host-only network!
Before starting, show us an "ip route sh" and "ip addr sh" of the Linux box.
* Re: MASQUERADE MAIL SERVER
From: Michele Petrazzo - Unipex @ 2009-07-23 18:34 UTC (permalink / raw)
To: Wilbert J. Rojas O.; +Cc: Jorge Dávila, netfilter
Wilbert J. Rojas O. wrote:
> Thanks but i have only one internet provider. I was trying with SNAT
> and DNAT but i failed with this rules:
>
> iptables -t nat -A PREROUTING -p all -d 200.9.190.25 -i eth0 -j DNAT
> --to 10.24.54.96
# so that your LAN clients can also talk to the public IP
$IPT -t nat -A PREROUTING -d 200.9.190.25 -j DNAT --to 10.24.54.96
> iptables -t nat -A POSTROUTING -p all -d 10.24.54.96 -o eth0 -j SNAT
> --to 200.9.190.25
$IPT -t nat -A POSTROUTING -s 10.24.54.96 -o eth0 -j SNAT --to 200.9.190.25
Michele
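
Added example, not part of any message in the thread: a small Python model of first-match evaluation in nat/POSTROUTING, showing why the -d SNAT rule never translates the mail server's outbound traffic and why an -s SNAT rule appended after the existing MASQUERADE rule still leaves it on 200.9.190.20. It assumes MASQUERADE uses eth0's primary address (200.9.190.20, the address reported in the thread); the packets are constructed samples and all helper names are hypothetical.

```python
import ipaddress

# Constructed model of the nat/POSTROUTING chain: rules are checked in order
# and the first matching SNAT/MASQUERADE rule decides the new source address.
ETH0_PRIMARY = "200.9.190.20"   # assumption: the address MASQUERADE picks on eth0
MAIL_PUBLIC = "200.9.190.25"
MAIL_LAN = "10.24.54.96"        # address used in the thread's iptables rules

def rule(target, out=None, src=None, dst=None, to=None):
    return {"target": target, "out": out, "src": src, "dst": dst, "to": to}

def matches(r, pkt):
    if r["out"] and r["out"] != pkt["out"]:
        return False
    for field in ("src", "dst"):
        if r[field] and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(r[field]):
            return False
    return True

def postrouting(chain, pkt):
    """Return the source address the packet leaves with."""
    for r in chain:
        if matches(r, pkt):
            return ETH0_PRIMARY if r["target"] == "MASQUERADE" else r["to"]
    return pkt["src"]  # no rule matched: source is left untranslated

MASQ = rule("MASQUERADE", out="eth0")
SNAT_BY_DST = rule("SNAT", out="eth0", dst=MAIL_LAN, to=MAIL_PUBLIC)  # -d variant
SNAT_BY_SRC = rule("SNAT", out="eth0", src=MAIL_LAN, to=MAIL_PUBLIC)  # -s variant

# Constructed sample packets: mail server and a LAN client going to the Internet.
# 192.0.2.10 is a documentation address standing in for a remote host.
mail_pkt = {"src": MAIL_LAN, "dst": "192.0.2.10", "out": "eth0"}
lan_pkt = {"src": "10.24.54.50", "dst": "192.0.2.10", "out": "eth0"}

def scenarios():
    return {
        "-d rule appended": postrouting([MASQ, SNAT_BY_DST], mail_pkt),
        "-d rule alone": postrouting([SNAT_BY_DST], mail_pkt),
        "-s rule appended after MASQUERADE": postrouting([MASQ, SNAT_BY_SRC], mail_pkt),
        "-s rule before MASQUERADE": postrouting([SNAT_BY_SRC, MASQ], mail_pkt),
        "LAN client, -s rule first": postrouting([SNAT_BY_SRC, MASQ], lan_pkt),
    }

if __name__ == "__main__":
    for name, src in scenarios().items():
        print(f"{name:36} -> {src}")
```

On a box that already has the MASQUERADE rule loaded, the last two scenarios correspond to inserting the SNAT rule ahead of it (iptables -I rather than -A) so the mail server's traffic matches SNAT first while every other LAN host still falls through to MASQUERADE.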