iptables rule with dynamic IP
Running Debian 5, my /etc/init.d/iptables script uses iptables-restore to load my configuration from /etc/iptables.conf.
I have the following lines at the top of my .conf file:
The goal is to have SSMTP and IMAPS data forwarded to an internal server from laptops that roam (i.e. they could be inside or outside).
:PREROUTING ACCEPT [1821236:456663979]
:POSTROUTING ACCEPT [172140:27540417]
:OUTPUT ACCEPT [548347:57634249]
-A PREROUTING -p tcp -m tcp --dport 465 -j DNAT --to-destination 10.0.0.5:465
-A PREROUTING -p tcp -m tcp --dport 993 -j DNAT --to-destination 10.0.0.5:993
-A POSTROUTING -j MASQUERADE
The only problem with this setup is, it forwards all traffic destined to those ports back to that internal server -- including traffic from an internal machine trying to connect through NAT to another machine's port 463 or 995.
I want to set up a rule that forwards anything connecting to this machine's IPs on those ports, to the internal server; but let connections to those ports for any other IP to pass through.
The problem is, the machine has three IPs (internal, external, and localhost), and one of those is dynamic (external), so the rule would need to be dynamic enough to pick up any change in IP.
How can I create a rule of this form (or is it even possible):
-A PREROUTING -p tcp -d [this machine] -m tcp --dport 465 -j DNAT --to-destination 10.0.0.5:465