SMTP Port fowarding

[simon24]

SITUATION
I want to use iptables to forward all incoming traffic on IP 70.86.157.xxx PORT 25 to IP 24.203.99.xxx PORT 2525. (Outside the network)

SCENARIO
1- someone send an email to user@domain.com
2- domain.com MX is mail.domain.com (70.86.157.xxx:25)
3- mail.domain.com:25 foward traffic to 24.203.99.xxx:2525
24.203.99.xxx:2525 proceed the mail.

I USED
I used the following iptables commands.

Code:

iptables -t nat -A PREROUTING -p TCP -i eth0 -d 70.86.157.xxx --dport 25 -j DNAT --to-destination 24.203.99.xxx:2525

THEN
I check if the commands was succesfuly done.

Code:

[root@zeus /]# iptables -t nat -L 
Chain PREROUTING (policy ACCEPT) 
target     prot opt source               destination          
DNAT       tcp  --  anywhere             xxx.70-86-157.domain.comtcp dpt:smtp to:24.203.99.xxx:2525 

Chain POSTROUTING (policy ACCEPT) 
target     prot opt source               destination          

Chain OUTPUT (policy ACCEPT) 
target     prot opt source               destination

PROBLEM
When i telnet 70.86.157.xxx PORT 25 via an another server located in the same datacenter I receive :

Code:

[root@csz /]# telnet 70.86.157.xxx 25 
Trying 70.86.157.xxx... 
telnet: Unable to connect to remote host: Connection timed out

CHECKLIST
Firewall are set on both machine.
Outbound router is set. (I can direct telnet and connect on 24.203.99.xxx PORT 2525 from the server)

SERVER SPECS
Red Hat Enterprise Linux 3 ES (2.4.x)
Plesk r7.5.x
APF version 0.9.6
iptables v1.2.8

Someone?

[marlowe]

Code:

iptables -t nat -A PREROUTING -p TCP -d <linux_ip> --dport 25 -j DNAT
--to-destination <win_ip>:25

i think that's it. man iptables can tell you more about dnat.

[DotHQ]

Good thread. very interesting ...and something I should be able to put to use.

[simon24]

Still not working.. someone got a solution ?