Gentoo Forums
Iptables Port Forwarding
0day
n00b


Joined: 20 Apr 2005
Posts: 22

Posted: Thu Apr 28, 2005 8:34 pm    Post subject: Iptables Port Forwarding

Hola,

I'm trying to set up a rule in iptables that will forward all mail being sent to us to an external spam filtering appliance IF the mail being sent is not from the spam appliance. Does anyone know how to do this? Thanks. Jake
_________________
Jake H.
jakeh_at_0dayinc.com
0day Inc. Network Security Consulting for the Future...
www.0dayinc.com
the_sphynx
Apprentice


Joined: 19 May 2004
Posts: 156
Location: Thornton, CO

Posted: Thu Apr 28, 2005 9:26 pm

You will have to forward all port 25 traffic to the appliance:
Code:
iptables -A PREROUTING -t nat -p tcp -d <your_external_address> --dport 25 -j DNAT --to <destination_address_of_appliance>:25

Something like that should do the trick!
_________________
Folding@Home User 285941
0day
n00b


Joined: 20 Apr 2005
Posts: 22

Posted: Thu Apr 28, 2005 9:59 pm

Let me explain in better detail.

I meant to say something more like this:

[pseudocode]
If traffic coming in on port 25 is not coming from the IP address of the SpamAppliance's IP on port 25 then redirect the email to the SpamAppliance on port 25 otherwise allow the email through.
[/pseudocode]

Basically it needs to meet two conditions. Thanks.

Jake
_________________
Jake H.
jakeh_at_0dayinc.com
0day Inc. Network Security Consulting for the Future...
www.0dayinc.com
0day
n00b


Joined: 20 Apr 2005
Posts: 22

Posted: Fri Apr 29, 2005 3:37 pm

My other thought would be something like this, although I can't think of how to grab $SOURCEIP.

Code:

if [[ $SOURCEIP != $SPAMAPPLIANCE ]]; then
   $IPTABLES -t nat -A PREROUTING -i $OUTSIDE -p tcp -m tcp --dport 25 -j DNAT --to-destination $SPAMAPPLIANCE:25
   $IPTABLES -t nat -A PREROUTING -i $INSIDE -p tcp -m tcp --dport 25 -j DNAT --to-destination $SPAMAPPLIANCE:25
else
   $IPTABLES -A INPUT -i $OUTSIDE -d $SPAMAPPLIANCE -p tcp --dport 25 -j ACCEPT
   $IPTABLES -A INPUT -i $INSIDE -s $LAN -p tcp --dport 25 -j ACCEPT
fi

_________________
Jake H.
jakeh_at_0dayinc.com
0day Inc. Network Security Consulting for the Future...
www.0dayinc.com
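
As an added example that is not part of any post in this thread: a shell `if` runs once when the rules are loaded and never sees a packet's source address, so the per-packet test asked about above has to be written into the rule itself with a negated source match (`! -s`). The addresses, the interface name and the dry-run `IPTABLES` default are assumptions, as is a gateway that routes between the senders and the appliance.

```shell
#!/bin/sh
# Added example, not from the thread. Address and interface are constructed
# placeholders (RFC 5737 documentation range); adjust before use.
SPAMAPPLIANCE="${SPAMAPPLIANCE:-192.0.2.10}"   # assumed appliance address
OUTSIDE="${OUTSIDE:-eth0}"                     # assumed Internet-facing interface
IPTABLES="${IPTABLES:-echo iptables}"          # dry run: print instead of apply

# Accept only a dotted-quad IPv4 address, so a typo or empty variable fails
# here, before any rule is touched.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# The per-packet condition lives in the rule: "! -s" negates the source match,
# so only SMTP that did NOT come from the appliance is DNATed to it. Mail the
# appliance relays onward skips this rule and keeps its original destination.
smtp_redirect_rules() {
    is_ipv4 "$SPAMAPPLIANCE" || { echo "bad SPAMAPPLIANCE: $SPAMAPPLIANCE" >&2; return 1; }
    $IPTABLES -t nat -A PREROUTING -i "$OUTSIDE" -p tcp --dport 25 \
        ! -s "$SPAMAPPLIANCE" -j DNAT --to-destination "$SPAMAPPLIANCE:25"
    # DNATed packets are routed onward, so they traverse FORWARD, not INPUT.
    $IPTABLES -A FORWARD -p tcp -d "$SPAMAPPLIANCE" --dport 25 -j ACCEPT
}

smtp_redirect_rules
```

Set `IPTABLES=iptables` and run as root to apply the rules instead of printing them. If the appliance sits on the same side of the gateway as the senders, its replies bypass the gateway and the connection breaks unless the traffic is also source-NATed, which hides the sender address from the filter.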