IPTABLES and SMTP
Hi All
I am using my FC5 box as a firewall to a Server 2003 running SMTP as the
outgoing mail server. I have redirected all port 25 traffic that comes in
the gateway to the Windows box and this works fine from outside the LAN.
My question is how do I redirect the port 25 traffic from the PCs on
the LAN to the Windows box. It all works if I use just the Windows box
name "Server" but I would like it so that laptop users can access the
SMTP server without having to change the SMTP server settings in the
email client each time they travel.
Thanks in advance.
Here are the tables I am running.
# Windows Server 2003 IP 192.168.1.10.
# Public IP static. 195.195.195.195
# ETH0 Local Area Network
# ETH1 Internet
#
# Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# User defined chain for ACCEPTed TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
#
# ******************************************************************
# ******************** INPUT chain rules ***************************
# ******************************************************************
# Rules for incoming packets
iptables -A INPUT -p ALL -i eth0 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.1.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 195.195.195.195 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -d 192.168.1.255 -j ACCEPT
# Packets for ESTABLISHED connections
iptables -A INPUT -p ALL -d 195.195.195.195 -m state --state ESTABLISHED,RELATED -j ACCEPT
# TCP rules
# DNS Lookup
iptables -A INPUT -p TCP -i eth1 -s 0/0 --destination-port 53 -j okay
# IDENTD service
iptables -A INPUT -p TCP -i eth1 -s 0/0 --destination-port 113 -j okay
# UDP rules
iptables -A INPUT -p UDP -i eth1 -s 0/0 --destination-port 53 -j ACCEPT
# ICMP rules
iptables -A INPUT -p ICMP -i eth1 -s 0/0 --icmp-type 8 -j DROP
iptables -A INPUT -p ICMP -i eth1 -s 0/0 --icmp-type 11 -j ACCEPT
# ******************************************************************
# ******************* FORWARD chain rules **************************
# ******************************************************************
# Accept the packets to forward
# SMTP
iptables -A FORWARD -p tcp -i eth1 --dport 25 -d 192.168.1.10 -j ACCEPT
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# ******************************************************************
# ******************** OUTPUT chain rules **************************
# ******************************************************************
# Only packets with a local address (no spoofing)
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.1.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 195.195.195.195 -j ACCEPT
# ******************************************************************
# ******************** PREROUTING chain values ********************
# ******************************************************************
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to 192.168.1.10:25
# ******************************************************************
# ******************** POSTROUTING chain values ********************
# ******************************************************************
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 195.195.195.195
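The missing piece for LAN clients is a "hairpin" NAT: the existing PREROUTING rule only matches packets arriving on eth1, so a laptop on the LAN that connects to the public address never gets rewritten. Below is an added example (not the poster's script) that prints the two nat-table rules needed. The addresses and interface names are taken from the comments at the top of the poster's rules and are assumptions for any other setup; the script prints the commands rather than running them, so it can be reviewed first and then piped to sh on the firewall.

```shell
#!/bin/sh
# Added example: hairpin NAT so LAN clients that point their mail client at
# the public address still reach the internal SMTP server.
# Assumed values (from the poster's comments): LAN side eth0, firewall LAN
# address 192.168.1.1, LAN 192.168.1.0/24, public 195.195.195.195,
# Windows SMTP server 192.168.1.10.
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_GW="${LAN_GW:-192.168.1.1}"
PUB_IP="${PUB_IP:-195.195.195.195}"
SMTP_HOST="${SMTP_HOST:-192.168.1.10}"

# smtp_hairpin_rules LAN_IF LAN_NET LAN_GW PUB_IP SMTP_HOST [public|all]
# Prints two iptables commands.  With the optional 6th argument "all" the
# destination match is dropped, so every port-25 connection leaving the LAN
# is intercepted and sent to the internal server, not only those aimed at
# the public address.
smtp_hairpin_rules() {
    lan_if=$1; lan_net=$2; lan_gw=$3; pub_ip=$4; smtp_host=$5; mode=${6:-public}
    if [ "$mode" = all ]; then dst=""; else dst="-d $pub_ip "; fi
    # 1. Rewrite the destination before routing, only for packets that enter
    #    on the LAN interface (Internet traffic is already handled on eth1).
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp %s--dport 25 -j DNAT --to-destination %s:25\n' \
        "$lan_if" "$dst" "$smtp_host"
    # 2. Rewrite the source as the packet goes back out onto the LAN.  Without
    #    this the server answers the client directly (same subnet), the client
    #    sees a reply from 192.168.1.10 instead of the public address and
    #    resets the connection.  Limited to LAN sources so mail arriving from
    #    the Internet keeps its real source address in the server's logs.
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -d %s -p tcp --dport 25 -j SNAT --to-source %s\n' \
        "$lan_if" "$lan_net" "$smtp_host" "$lan_gw"
}

smtp_hairpin_rules "$LAN_IF" "$LAN_NET" "$LAN_GW" "$PUB_IP" "$SMTP_HOST"
```

Run it as `sh hairpin.sh | sh` on the firewall once the printed rules look right. The existing `FORWARD -i eth0 -j ACCEPT` and `ESTABLISHED,RELATED` rules already let the forwarded packets through. Two things to check on the Windows side: hairpinned connections arrive from 192.168.1.1 rather than the client's address, so relay restrictions on the SMTP server need to allow (or authenticate) that address, and because the SNAT is restricted to LAN sources, Internet senders are still seen with their real IPs.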