Find the answer to your Linux question:
Results 1 to 3 of 3
Hey all, I'm trying to get smtp redirects set up so that all outgoing smtp traffic from server .124 gets redirected to .127. I want a connection to be like ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Sep 2010
    Posts
    2

    [SOLVED] outgoing SMTP redirect


    Hey all,
    I'm trying to get smtp redirects set up so that all outgoing smtp traffic from server .124 gets redirected to .127. I want a connection to be like this:
    If I type
    Code:
     telnet mx1.hotmail.com 25
    I should see the greeting from the .127 server instead of hotmail's greeting.
    Is there a way to do this?
    I've been trying to get it set up through iptables on the .124 server. Here's the iptables config so far:
    Code:
    # Generated by iptables-save v1.3.5 on Thu Sep 23 10:55:27 2010
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [46806:2763003]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT 
    -A FORWARD -j RH-Firewall-1-INPUT 
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT 
    -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT 
    -A RH-Firewall-1-INPUT -p esp -j ACCEPT 
    -A RH-Firewall-1-INPUT -p ah -j ACCEPT 
    -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT 
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT 
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT 
    -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
    -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 
    COMMIT
    # Completed on Thu Sep 23 10:55:27 2010
    *nat
    -A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to 192.168.0.127:25
    -A POSTROUTING -j MASQUERADE
    COMMIT
    Any help would be much appreciated.

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    How many interfaces does this box have?
    Have a look at THIS for DNAT

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Sep 2010
    Posts
    2

    solved

    I actually solved this one. I needed to change the prerouting rule to an output rule
    Here's my iptables-save
    # Generated by iptables-save v1.3.5 on Thu Sep 30 08:18:52 2010
    *nat
    :PREROUTING ACCEPT [295909:53600838]
    :POSTROUTING ACCEPT [12727873:766407621]
    :OUTPUT ACCEPT [12639721:761118661]
    -A OUTPUT -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.127:25
    COMMIT

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [2134578821:146706820426]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p esp -j ACCEPT
    -A RH-Firewall-1-INPUT -p ah -j ACCEPT
    -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Thu Sep 30 08:18:52 2010


    And it works!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •