Firewall Wizards mailing list archives

RE: iptables dnat problem


From: "Luke Butcher" <Luke.Butcher () alphawest com au>
Date: Thu, 9 Feb 2006 09:02:28 +1100

 
Hi Michael,

I suspect it's because you haven't specified the destination address.

Maybe try something like the following 
   iptables -t nat -A PREROUTING -d $SECOND_IP_EXT -p tcp -m tcp --dport 25 \
       -j DNAT --to-destination $SECOND_IP_INT:10025

Luke Butcher
Network/Security Consultant
www.alphawest.com.au

-----Original Message-----
From: Michael [mailto:michael () insulin-pumpers org] 
Sent: Sunday, 5 February 2006 5:30 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] iptables dnat problem

I have a mail daemon running on a border system bound to port 25,
INADDR_ANY

I'd like to run another smtp daemon on a virtual IP address on the same
system. I have the new daemon running on port 10025

iptables -t nat -A PREROUTING -p tcp \
     -d $SECOND_IP --dport 25 -j REDIRECT --to-ports 10025

The daemon responds just fine to other hosts located on the same /24 as
the localhost, however remote hosts a hop or two away never seem to get
connected. This method seems to work fine for UDP ... I run a second
name server on this host configured as an RBL. Suggestions ???

Michael
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
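The following is an added example, not code from either poster: a small shell script that applies the DNAT approach Luke suggests (explicit destination address, explicit --to-destination) and adds the check a practitioner would want afterwards, namely reading the packet counters on the nat PREROUTING chain to confirm the rule is actually matching inbound port 25 traffic. It goes a little beyond the thread by also covering the nat OUTPUT chain (locally generated connections never pass through PREROUTING) and the filter INPUT rule, which must match the post-NAT port. The address 192.0.2.10 (TEST-NET-1), the port 10025 default, the IPT variable and the sample listing are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). DNAT port 25 on a virtual IP to a second
# SMTP daemon on another port, then verify the rule matches using counters.
# Assumptions: VIRTUAL_IP, BACKEND_PORT and IPT are illustrative; set IPT=echo
# for a dry run that prints the commands instead of applying them.
set -eu

IPT="${IPT:-iptables}"
VIRTUAL_IP="${VIRTUAL_IP:-192.0.2.10}"     # assumed virtual address (TEST-NET-1)
BACKEND_PORT="${BACKEND_PORT:-10025}"      # assumed second-daemon port

# DNAT keeps the packet addressed to the virtual IP. REDIRECT would instead
# rewrite the destination to the primary address of the incoming interface,
# which is the wrong target if the second daemon is bound only to the virtual IP.
add_dnat_rules() {
    # Inbound connections from other hosts are rewritten before routing.
    $IPT -t nat -A PREROUTING -d "$VIRTUAL_IP" -p tcp -m tcp --dport 25 \
        -j DNAT --to-destination "$VIRTUAL_IP:$BACKEND_PORT"
    # Connections this host makes to its own virtual IP skip PREROUTING and
    # need the same rewrite in the nat OUTPUT chain.
    $IPT -t nat -A OUTPUT -d "$VIRTUAL_IP" -p tcp -m tcp --dport 25 \
        -j DNAT --to-destination "$VIRTUAL_IP:$BACKEND_PORT"
    # The filter table sees the packet after NAT, so accept the backend port,
    # not port 25.
    $IPT -A INPUT -d "$VIRTUAL_IP" -p tcp -m tcp --dport "$BACKEND_PORT" -j ACCEPT
}

# Sum the packet counter of every DNAT rule for $1:25 -> $1:$2 in an
# 'iptables -t nat -L PREROUTING -v -n -x' listing read from stdin.
# Columns: pkts bytes target prot opt in out source destination [match text]
dnat_hits() {
    awk -v ip="$1" -v port="$2" '
        $3 == "DNAT" && $9 == ip && index($0, "dpt:25") && index($0, "to:" ip ":" port) {
            hits += $1
        }
        END { print hits + 0 }'
}

# Constructed sample listing (not captured from a real host) in the format
# produced by 'iptables -t nat -L PREROUTING -v -n -x'.
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT 3 packets, 180 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12        720 DNAT       tcp  --  *      *       0.0.0.0/0            192.0.2.10           tcp dpt:25 to:192.0.2.10:10025
       0          0 DNAT       udp  --  *      *       0.0.0.0/0            192.0.2.10           udp dpt:53 to:192.0.2.10:10053'

# Run the counter check against the constructed sample; returns 12 for it.
check_sample() {
    printf '%s\n' "$SAMPLE_LISTING" | dnat_hits 192.0.2.10 10025
}

# Live check on a real host: zero counters mean the rule never matched, so the
# packets from remote hosts are not arriving with the expected destination.
check_live() {
    $IPT -t nat -L PREROUTING -v -n -x | dnat_hits "$VIRTUAL_IP" "$BACKEND_PORT"
}

case "${1:-}" in
    apply) add_dnat_rules ;;
    check) check_live ;;
    *)     ;;   # sourced or run without a subcommand: define functions only
esac
```

Usage: `sh dnat.sh apply` installs the rules and `sh dnat.sh check` prints how many packets the PREROUTING DNAT rule has matched; `IPT=echo sh dnat.sh apply` shows the exact commands without touching the kernel. If the counter stays at zero while remote hosts are connecting, the packets are not reaching the box addressed to the virtual IP on port 25, which points at routing or the upstream path rather than at the NAT rule.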

