[CentOS] Port Forwarding

Filipe Brandenburger filbranden at gmail.com
Mon Jan 19 16:19:51 UTC 2009


Hi,

On Mon, Jan 19, 2009 at 09:58, Thom Paine <painethom at gmail.com> wrote:
> I think option 2 will work best for me. The box and connection on
> y.y.y.y is strictly for communicating with this other mail server I
> need to relay out, and receive only patient records mail from. If I
> rewrite the packets to appear to be from 10.10.10.4 I think this will
> work.
>
> What would the best option for this be? I'm thinking I will have to
> stop using the gshield firewall that I used to use, and just write the
> rules manually in iptables because there will only be 1/2 a dozen or
> so and once they are written, they will be permanent.

I don't know gshield, but I think that if it supports port forwarding
it will probably support rewriting the source address too.

If you want to implement it with iptables, this page has exactly what
you need to do it:
http://kreiger.linuxgods.com/kiki/?Port+forwarding+with+netfilter

The key part in your case is "The POSTROUTING SNAT rule in the
nat-table (optional)", which is what you need to make it look like
it's coming from 10.10.0.4.

Let us know how that goes!

HTH,
Filipe
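
Added example, not part of the original message or the linked page: a shell sketch that prints the DNAT, FORWARD and POSTROUTING SNAT rules for a forward like the one discussed, so they can be reviewed before anything is applied. Only 10.10.0.4 comes from the thread; the public address, the internal mail server address, the peer address, TCP port 25 and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints the rules for a port forward with source rewriting.
# Nothing is applied; review the output, then run it as root.
# Constructed sample values: 203.0.113.10 (public y.y.y.y), 10.10.0.25
# (internal mail server), 198.51.100.7 (remote peer), TCP port 25.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# forward_rules PUBLIC_IP PORT DEST_IP SNAT_IP [PEER_IP]
forward_rules() {
    pub=$1 port=$2 dst=$3 snat=$4 peer=${5:-}
    for ip in "$pub" "$dst" "$snat" ${peer:+"$peer"}; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    # After SNAT the destination sees every forwarded connection as coming
    # from $snat, so the peer restriction has to be enforced here.
    src=
    if [ -n "$peer" ]; then src="-s $peer "; fi
    # 1. DNAT: traffic arriving for the public address goes to the real server.
    echo "iptables -t nat -A PREROUTING ${src}-d $pub -p tcp --dport $port -j DNAT --to-destination $dst:$port"
    # 2. FORWARD: allow the forwarded flow and its replies.
    echo "iptables -A FORWARD ${src}-d $dst -p tcp --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $dst -p tcp --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 3. SNAT: rewrite the source; conntrack reverses both NATs on replies.
    echo "iptables -t nat -A POSTROUTING ${src}-d $dst -p tcp --dport $port -j SNAT --to-source $snat"
}

forward_rules 203.0.113.10 25 10.10.0.25 10.10.0.4 198.51.100.7
```

The forwarding box also needs net.ipv4.ip_forward set to 1. Because the SNAT rule hides the original source from the mail server's logs and access lists, the optional peer argument keeps the forward limited to the one remote host.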