forwarding port 25 to internal SMTP server

Gaston Franco gfranco@arcert.gov.ar
Fri, 07 Dec 2001 10:15:30 -0300


Hi!
I think that there's a mistake...
From the line below, I assume that "the SMTP server - 10.105.105.21" is on
an internal machine, behind the firewall...
> iptables -t nat -A PREROUTING -d $EXTERNALIP -p tcp --dport 25 -j DNAT --to
> 10.105.105.21

So... you don't need to worry about the INPUT and OUTPUT chains!
These chains are never traversed for packets not directed to the firewall
itself.
You need to look in the FORWARD chain...

I don't know if you are using the --state facility...
This is a typical example.

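# Rewrite the destination of inbound SMTP to the internal server
iptables -t nat -A PREROUTING -i $EXT_IFACE -d $EXTERNALIP -p tcp --dport 25 \
         -j DNAT --to $INT_SERVER_SMTP

# Forward traffic arriving on the internal interface
iptables -A FORWARD -i $INT_IFACE -m state --state NEW,RELATED,ESTABLISHED \
         -j ACCEPT
# Forward inbound SMTP (after DNAT) to the internal server
iptables -A FORWARD -i $EXT_IFACE -p tcp -d $INT_SERVER_SMTP --dport 25 \
         -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT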

( where   $INT_IFACE is your internal interface name, "eth0"
          $EXT_IFACE is your external interface name, "eth1"
          $INT_SERVER_SMTP is 10.105.105.21
          $EXTERNALIP is your external firewall IP
 )


Hope this helps.

Phil Barbier wrote:
> 
> Hi There,
> 
> iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --dport 25 --destination
> $EXTERNALIP -j ACCEPT
> 
> iptables -t nat -A PREROUTING -d $EXTERNALIP -p tcp --dport 25 -j DNAT --to
> 10.105.105.21
> 
> These two should work fine - you need to accept traffic for the External IP,
> as that is where the clients "think" that the mail is going to, they don't
> know about your 10.x.x.x network.
> 
> This is assuming your OUTPUT rule on the filter table is set to ACCEPT.
> 
> iptables -A INPUT -j ACCEPT -p tcp --sport 25 -s 10.105.105.21 -d 0.0.0.0/0
> 
> You'll probably want to add support in there for SYN packets.
> 
> Hope this helps,
> 
> Phil Barbier.
> 
> --
> Phil Barbier
> Registered Linux User #227794
> Web Developer & Linux Systems Administrator
> Online-Bills Ltd
> http://www.online-bills.com/
> mailto:p.barbier@online-bills.com?subject=from_email
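
The chain-traversal point made in the message above, as an added example that is not part of the original e-mail: a simplified shell model of which chains a packet arriving on the external interface passes through once the DNAT rule has rewritten its destination. The address 203.0.113.10, the FW_LOCAL_ADDRS list and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified model of netfilter chain traversal for a packet arriving on the
# external interface. It runs no iptables commands and needs no root.
EXTERNALIP="203.0.113.10"        # constructed: firewall's public address
INT_SERVER_SMTP="10.105.105.21"  # internal SMTP server from the thread
# constructed: addresses owned by the firewall itself
FW_LOCAL_ADDRS="203.0.113.10 10.105.105.1 127.0.0.1"

# nat PREROUTING: mirrors the DNAT rule in the thread.
# Prints the destination address after the nat table has been consulted.
dnat_prerouting() {
    dst="$1"; dport="$2"
    if [ "$dst" = "$EXTERNALIP" ] && [ "$dport" = "25" ]; then
        echo "$INT_SERVER_SMTP"
    else
        echo "$dst"
    fi
}

# Routing decision: taken after PREROUTING, on the rewritten destination.
is_local() {
    for a in $FW_LOCAL_ADDRS; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# Prints the chains a packet addressed to dst:dport traverses.
chains_for() {
    new_dst=$(dnat_prerouting "$1" "$2")
    if is_local "$new_dst"; then
        echo "PREROUTING INPUT"
    else
        echo "PREROUTING FORWARD POSTROUTING"
    fi
}

# SMTP is rewritten to the internal server, so filtering happens in FORWARD.
echo "SMTP to $EXTERNALIP:25 -> $(chains_for "$EXTERNALIP" 25)"
# A port with no DNAT rule still targets the firewall, so it reaches INPUT.
echo "SSH  to $EXTERNALIP:22 -> $(chains_for "$EXTERNALIP" 22)"
```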