iptables trouble - Linux



Thread: iptables trouble

  1. iptables trouble

    Hi All,

    Trying to get my firewall to route smtp to an internal mail server.


    10.0(eth1) 192.168.x.x (external eth0)
    | |
    | |
    ---------------------
    |
    Network
    |
    10.0.x.x Mail server

    iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

    /etc/sysctl.conf: net.ipv4.ip_forward = 1

    iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 25 -j DNAT --to 10.0.x.x:25

    The above allows all clients to share the internet connection + mail is
    forwarded to the mail server 10.0.x.x

    However, no mail can be sent unless I drop the DNAT rule set. Everything
    else is set to ACCEPT, so there must be some sort of loop happening.

    I have tried lots of different FORWARD & OUTPUT rules, but none that have
    worked as yet. Has anyone an idea of a rule that will route mail out, or a
    better syntax for my DNAT rule that will not cause outgoing mail to queue?

    Regards,

    Luke


  2. Re: iptables trouble

    "Luke" wrote in message news:...
    > Hi All,
    >
    > Trying to get my firewall to route smtp to an internal mail server.
    >
    >
    > 10.0(eth1) 192.168.x.x (external eth0)
    > | |
    > | |
    > ---------------------
    > |
    > Network
    > |
    > 10.0.x.x Mail server
    >
    > iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
    >
    > /etc/sysctl.conf: net.ipv4.ip_forward = 1
    >
    > iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 25 -j DNAT --to 10.0.x.x:25
    >
    > The above allows all clients to share the internet connection + mail is
    > forwarded to the mail server 10.0.x.x
    >
    > However, no mail can be sent unless I drop the DNAT rule set. Everything
    > else is set to ACCEPT, so there must be some sort of loop happening.
    >
    > I have tried lots of different FORWARD & OUTPUT rules, but none that have
    > worked as yet. Has anyone an idea of a rule that will route mail out, or a
    > better syntax for my DNAT rule that will not cause outgoing mail to queue?
    >
    > Regards,
    >
    > Luke


    The DNAT rule should be:
    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to 10.0.x.x:25

    WZIS

    WZIS is an UNIX solution and service provider
    http://users.tpg.com.au/wzis
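The interface change in the reply is the whole fix, and the reason is worth spelling out: a PREROUTING rule bound to `-i eth1` matches every packet that enters on the LAN side with destination port 25, including the mail server's own outbound deliveries to remote MXes (and any LAN client's SMTP session), and rewrites their destination back to the mail server. That is the "loop" that leaves outgoing mail queued. Bound to `-i eth0`, the rule only touches SMTP arriving from the internet. The script below is an added example, not code from either poster: it emits a complete rule set built on the reply's corrected rule (with FORWARD rules tightened to the two flows that are actually needed, rather than the ACCEPT-everything policy in the question), and a small matcher that traces constructed packets through the original and corrected rules to show which destination each ends up with. The interface names and LAN prefix come from the thread's diagram; the mail server address 10.0.0.25 is an assumption standing in for the thread's 10.0.x.x.

```shell
#!/bin/sh
# Added example (not from the thread). eth0 = external, eth1 = LAN, as in the
# original diagram. MAIL and LAN_NET are assumed values; the thread only shows
# 10.0.x.x.
EXT_IF=eth0
LAN_IF=eth1
LAN_NET=10.0.0.0/8
MAIL=10.0.0.25

# Print the corrected rule set instead of executing it, so it can be reviewed
# first and then piped to sh as root ("sh script.sh --rules | sudo sh").
# The DNAT rule is bound to the external interface, so the mail server's own
# outbound SMTP (which enters the firewall on eth1) is never rewritten.
rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 25 -j DNAT --to-destination $MAIL:25
iptables -A FORWARD -i $EXT_IF -o $LAN_IF -p tcp -d $MAIL --dport 25 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# dnat_target RULE_IF IN_IF PROTO DPORT
# Simulates the single PREROUTING DNAT rule from the thread: prints the
# rewritten destination when a packet arriving on IN_IF matches a rule bound
# to RULE_IF, or "unchanged" when the rule does not apply.
dnat_target() {
    rule_if=$1; in_if=$2; proto=$3; dport=$4
    if [ "$in_if" = "$rule_if" ] && [ "$proto" = tcp ] && [ "$dport" = 25 ]; then
        echo "$MAIL:25"
    else
        echo unchanged
    fi
}

# Constructed packets: an inbound SMTP connection from the internet (enters on
# eth0) and the mail server's outbound delivery to a remote MX (enters on eth1).
# With the rule bound to eth1 (the original), inbound mail is left alone and the
# outbound delivery is redirected back to the mail server; with the rule bound
# to eth0 (the reply's fix), the two outcomes swap.
trace() {
    for rule_if in $LAN_IF $EXT_IF; do
        printf 'rule -i %s: inbound on %s -> %s; mail server outbound on %s -> %s\n' \
            "$rule_if" \
            "$EXT_IF" "$(dnat_target "$rule_if" "$EXT_IF" tcp 25)" \
            "$LAN_IF" "$(dnat_target "$rule_if" "$LAN_IF" tcp 25)"
    done
}

case "${1:-}" in
    --rules) rules ;;
    *) trace ;;
esac
```

Run it without arguments to see the trace for both rule placements; run it with `--rules` to print the rule set. The FORWARD rules are deliberately narrower than "everything set to ACCEPT": only DNAT'd SMTP toward the mail server and traffic originating from the LAN are allowed to cross the firewall, with return packets admitted by connection tracking (`-m conntrack` is the current spelling; older systems use `-m state --state`).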
