Redirecting mail

Rob Sterenborg rob at
Fri Apr 8 14:06:15 CEST 2005

> > There is no need to use multiport because you only DNAT 1 port : smtp.
> > But that should not be a problem.
> >
> > iptables -t nat -A OUTPUT -p tcp --dports smtp \
> >   -j DNAT --to-destination
> if I try it without the multiport option I get the following error..
> [root@posjia0h01 root]# iptables -t nat -A OUTPUT -p tcp --dports smtp -j DNAT --to-destination
> iptables v1.2.5: Unknown arg `--dports'
> Try `iptables -h' or 'iptables --help' for more information.

Sorry, that should be "--dport", not "--dports".

> this is strange...
> I've got another mailserver ..
> now if I put that rule in
>  iptables -t nat -A OUTPUT -p tcp -m multiport --dports smtp -j DNAT --to-destination
> and if I try telnet to any mail server on the internet, I connect to
> (Which should happen on

So if the rule works on, it should also be correct for

> [root@poscpt0h01 root]# telnet 25
> Trying
> Connected to
> Escape character is '^]'.
> 220 c ESMTP Sendmail 8.12.8/8.12.8; Fri, 8 Apr 2005
> 17:30:45 +0200 is I suppose ?

> is there no way to make it connect directly to,
> but using as a gateway

I think you'd need a smtp proxy to do that (right now you're using as a mail-gateway because it forwards mail from other
Perhaps if you run a smtp proxy on port 26 or so, and forward other
mailservers to that port ( is already running a mailserver
on port 25) :

iptables -t nat -A OUTPUT -p tcp --dport smtp \
  -j DNAT --to

And let the smtp proxy connect to an internet MTA on port 25. But this
way you still don't connect directly to the receiving MTA.

