Redirect All SMTP traffic

sarky · Mon Mar 27, 2006 11:25 pm

Hello all

I have looked and checked all over but i did not see it, i want to redirect all Traffic from a specific Real IP to Port: 25 to my local SMTP server but i am missing the point, can someone please point me in the right direction?

The aim of the above so the users do not have to change there SMTP server in the Email program.

Thank you

Sarkis

changeip · Tue Mar 28, 2006 1:04 am

Use dst-nat to translate the ip you wish to send it to. If the SMTP server is on the same LAN as the senders you will probably need some extra steps as the packets will be coming back from an IP it didn't expect.

I would always suggest fixing the clients rather than fix it at the border as it will cause more problems later, but if its a temp fix then ...

Sam

Tue Mar 28, 2006 8:20 am

Rule to redirect SMTP traffic to remote server has to be,
'ip firewall nat add chain=dstnat dst-port=25 protocol=tcp in-interface=users_interface_name action=dst-nat to-addresses=smtp server_address to-ports=25'

sarky · Tue Mar 28, 2006 11:02 pm

I have tried dst-nat before i posted the msg but for some reason it is not working, and then i thought it might because i am using REAL IPs all the way and nothing is being NAT.

At the moment if i test with a telnet to port 25 it opens up a connection but does not show anything on the telnet page. also the mail server does not show that anything is requesting audience.

Any ideas ?

SArky

changeip · Wed Mar 29, 2006 12:10 am

Is your redirected smtp traffic on the same LAN as the initiator? If so you need to mess around with src-nat and dst-nat probably.

If you want to change the src or dst of a packet then you are doing NAT. Redirect is only for redirecting traffic to the router itself, ie proxy, etc.

sarky · Wed Mar 29, 2006 12:17 am

Hi ChangeIP

Yeah it is on the Same LAN and i have tried the above as i said before but for some reason it is not sending it to where it suppose to even tried srcnat but nothing happened..

Have you tried it yourself, i know it is done on hotspot by Default ..

Sarky

changeip · Wed Mar 29, 2006 12:31 am

If its on the same lan you run into a source/dest ip problem... think about this:

you request a connection from 1.1.1.1 to 2.2.2.2. Your router does a dst-nat and sends that connection to 3.3.3.3 because you want to capture that conversation. Now, 3.3.3.3 sends the packet back to 1.1.1.1 directly and 1.1.1.1 is not expecting a reply from him, so it ignores the packets. You need to add a src-nat or masq to make the 3.3.3.3 server think the router is talking to him not the original.

The best way is to separate the dmz servers from your user lan physically, that way the packets have to traverse the router to get back to the original caller and nat takes care of it for you.

Sam