1 src 2 dest

Brad Chapman kakadu@earthlink.net
Thu, 26 Jul 2001 18:13:14 -0400 

Mr. Radel,

   I just read the patch-o-matic SAME help and it says that it is 
similar to SNAT: it takes a range
of addresses and gives a client the same address for each connection.  
Looks like I was either wrong
or else I simply don't understand the use of the SAME target.  Does 
anybody have a slightly clearer
explanation?

Brad

Radel wrote:

> Duplicate and resending packets is not sufficent:I'll try to explain: 
> in a tcp connection there are some numbers choosen by each host used 
> in the 3way handshake.
> Duiplicating a packet will send 2 syn packets with he same ack numer 
> to 2 different host. Each host will reply with one ack number. The 
> first that reaches the sender host will be accepted and using in the 
> last part of the handshake, the other will be discarder because isn't 
> related to any known connection (the ack number is not correct...).
> This doesn't mean that one mail will be delivered:I think that NO mai 
> will be delivered.
> 
> Radel
> 
> Brad Chapman wrote:
> 
>> Mr. Schaaf,
>> 
>>   Huh? I seemed to have read about a SAME target which allowed you to
>> duplicate and resend packets to a different IP address. I believe it
>> performs exactly what this guy wants: to be able to deliver multiple
>> e-mails to different servers. The only drawback, AFAICE, is that it
>> requires multiple rules for multiple e-mail servers; however, AFAIK, 
>> this
>> multiple-delivery SMTP server you describe could fix that 
>> dynamically.....
>> 
>> Brad
>> 
>> Patrick Schaaf wrote:
>> 
>>>> so for example if I had a mail server on the outside of a iptables 
>>>> firewall, and I sendmail to this mail server, I want same mail 
>>>> delieved to  that server and another mail server aswell.
>>> 
>>> 
>>> 
>>> 
>>> This cannot be done at a packet filtering level. You could use the
>>> REDIRECT rules to capture the outgoing SMTP connection, handle it
>>> using an SMTP server on the firewall machine, and write this SMTP
>>> server in a way that stably feeds each outgoing mail to the two
>>> external servers (essentially duplicating the mail, and running
>>> two independant deliveries). I don't know of any SMTP server
>>> software capable of doing that out of the box, so you probably
>>> have to find a knowledgeable programmer who writes it for you.
>>> For a competent person, that should 1-2 man-weeks work.
>>> 
>>> regards
>>>   Patrick
>>> 
>>> 
>>> 
>> 
>> 
> 
> 
>