On Thu, 2005-05-19 at 21:44 +0800, Mark Quitoriano wrote:
Here's how I did mine:
iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -j DNAT --to-destination 10.0.0.1
iptables -t nat -A POSTROUTING -d 10.0.0.1 -j SNAT --to xxx.xxx.xxx.xxx
because the firewall has a different IP than my mail server
You are forwarding it twice.
Is 10.0.0.1 the internal interface of the firewall (that contains -d xxx.xxx.xxx.xxx) or is it a separate machine?
If it is on the same machine, try this (assuming you have a FORWARD rule too):
iptables -A FORWARD -i $EXTIF -p tcp --dport 25 -m state \
  --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d $EXTIP --dport 25 \
  -j DNAT --to xxx.xxx.xxx.xxx
($EXTIF is the external interface {eth0, eth1, etc.}, $EXTIP is the external IP address)
On 5/19/05, Peter Farrow peter@farrows.org wrote:
If you're doing true port forwarding, the internal server should see the IP address of the external machine in its logs.
This is how my machines that do this log. I use this type of entry in iptables:
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to 10.198.0.17
P.
Johnny Hughes wrote:
On Thu, 2005-05-19 at 21:08 +0800, Mark Quitoriano wrote:
I'm having a problem viewing logs on forwarded ports from the firewall to another server. I forwarded mail (port 25) from the firewall to an internal server. The problem is when I try to view the logs it just shows the firewall IP as the sender and not the original sender.
In reality, the firewall may be making the connection to the internal server... and not the external machine. Especially if the internal server is on a 192.168.x.x or 10.x.x.x network and you are connecting via NAT. If that is the case, the external machine is connecting to the firewall and the firewall is connecting to the internal server.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
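A check for the DNAT-plus-SNAT pattern discussed in this thread, as an added example that is not from any of the posters: it reads a nat-table dump in `iptables-save` format and reports POSTROUTING rules that rewrite the source of traffic bound for a DNAT target, which is what makes the internal server log the firewall instead of the real sender. The function names and the sample ruleset are assumptions; 203.0.113.10 is a constructed stand-in for the masked public address.

```shell
#!/bin/sh
# Added example. Reads `iptables-save -t nat` output on stdin and prints each
# POSTROUTING SNAT/MASQUERADE rule whose -d is also a DNAT target: those rules
# make the internal server log the firewall address instead of the real client.
# Only rules with an explicit, non-negated -d are evaluated.
find_source_masking_rules() {
    awk '
    # Value that follows option "opt" on the current rule line, or "".
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # Drop a /32 mask or a :port suffix so both chains compare on the bare IP.
    function bare(addr) {
        sub(/\/32$/, "", addr); sub(/:[0-9-]+$/, "", addr)
        return addr
    }
    $1 == "-A" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
        t = optval("--to-destination")
        if (t == "") t = optval("--to")      # short form accepted on the CLI
        if (t != "") dnat[bare(t)] = 1
    }
    $1 == "-A" && $2 == "POSTROUTING" {
        j = optval("-j")
        if (j == "SNAT" || j == "MASQUERADE") { rule[++n] = $0; dst[n] = bare(optval("-d")) }
    }
    END { for (k = 1; k <= n; k++) if (dst[k] in dnat) print rule[k] }'
}

# Constructed sample (not from the thread): 203.0.113.10 stands in for the
# masked public address; the first two rules mirror the DNAT + SNAT pair.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -j DNAT --to-destination 10.0.0.1
-A POSTROUTING -d 10.0.0.1/32 -j SNAT --to-source 203.0.113.10
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.198.0.17
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

sample_ruleset | find_source_masking_rules
```

On a live firewall, pipe `iptables-save -t nat` into the function instead of the sample; any rule it prints is a candidate for removal if the mail server's logs need to show the original sender.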