nat question

Geordie Williamson geordsta2@hotmail.com
Sun, 12 Aug 2001 10:00:02 +1000


>I would like to know if I could, when the connection is made on the pop3 
>server the IP that is connecting to the server is that from internet (the 
>legal number) and I want to see the internal card (private) of the firewall 
>connecting and not the legal number.
>
>I think this would be done with some sort of NAT. Can someone help me?

This seems like a very strange thing to want to do but...!

Anyway, I guess this could be done like this:

iptables -t nat -A PREROUTING -p tcp -d <external-ip> --dport pop3 -j DNAT --to <internal-ip of mail-server>

You then need a rule in your POSTROUTING chain:
iptables -t nat -A POSTROUTING -d <internal-ip of mailserver> -j SNAT --to <firewall ip (internal)>

Please note: I have not tried this; logically it should work but I would 
also guess that it might produce some strange results.

HTH, Geordie.
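
What the two rules in the message above do to a connection, as an added Python model (not code from the original post and not netfilter's own logic): DNAT in PREROUTING, then SNAT in POSTROUTING, with a conntrack-style table used to translate replies. All addresses are constructed, and the port selection is a simplification; the point for log review is that the mail server records only the firewall's internal address, so the real client can be recovered only from the firewall's connection table.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation and private ranges).
EXTERNAL_IP = "203.0.113.10"     # firewall's public address
FW_INTERNAL_IP = "192.168.1.1"   # firewall's internal address
MAIL_SERVER_IP = "192.168.1.25"  # internal POP3 server
POP3 = 110

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Toy model of the nat table for new inbound TCP connections."""

    def __init__(self):
        # Key: tuple of the reply as the server will send it.
        # Value: the original packet as it arrived from the internet.
        self.conntrack = {}

    def _pick_port(self, wanted):
        # Keep the client's source port unless another tracked connection
        # already uses it; simplified, the kernel searches a port range.
        port = wanted
        while (MAIL_SERVER_IP, POP3, FW_INTERNAL_IP, port) in self.conntrack:
            port += 1
        return port

    def forward(self, pkt):
        out = pkt
        # PREROUTING: DNAT connections for <external-ip>:pop3 to the server.
        if out.dst == EXTERNAL_IP and out.dport == POP3:
            out = replace(out, dst=MAIL_SERVER_IP)
        # POSTROUTING runs after DNAT, so it matches the rewritten
        # destination and replaces the source with the firewall's address.
        if out.dst == MAIL_SERVER_IP:
            out = replace(out, src=FW_INTERNAL_IP,
                          sport=self._pick_port(out.sport))
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt):
        # Undo both translations for a packet sent back by the server.
        orig = self.conntrack[(pkt.src, pkt.sport, pkt.dst, pkt.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)
```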
