LinuxQuestions.org

spangberg 03-25-2010 04:11 AM

Iptables - port forwarding to blocked port?
 
I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. The problem is that I want our users to be able to connect via port 10025 which is forwarded to port 25, which then is blocked... :(

How can I get this to work? Any ideas?

Thanks!
// Tomas

centosboy 03-25-2010 04:35 AM

Quote:

Originally Posted by spangberg (Post 3911445)
I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. The problem is that I want our users to be able to connect via port 10025 which is forwarded to port 25, which then is blocked... :(

How can I get this to work? Any ideas?

Thanks!
// Tomas


One option is to run your mail daemon on port 10025 instead, and create iptables rules that redirect from 25 to 10025.

Another is to run the daemon on both 25 and 10025. Allow access to the spam filter on 25 only and access to others on 10025.


Some examples:

Code:

iptables -I INPUT -s spamfilter -p tcp -i eth0 --dport 25 -j ACCEPT
iptables -I PREROUTING -s spamfilter -t nat -p tcp -d x.x.x.x --dport 25 -j DNAT --to x.x.x.x:10025
iptables -I PREROUTING -s x.x.x.x -t nat -p tcp -d x.x.x.x --dport 25 -j DNAT --to x.x.x.x:10025
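
A third layout, added here as an example and not taken from any post in this thread: the daemon stays on port 25 only, 10025 is redirected to it, and the filter table separates the two kinds of traffic by the connection's original destination port. The function names, the interface argument and the address 192.0.2.10 used to try it out are assumptions; the script only prints an iptables-restore ruleset and changes nothing itself.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset that
# keeps the daemon on port 25 only and redirects 10025 to it.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# mail_ruleset IFACE SPAMFILTER_IP: print the ruleset on stdout.
mail_ruleset() {
    iface=$1 filter_ip=$2
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    valid_ipv4 "$filter_ip" || { echo "bad IPv4 address: $filter_ip" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Users connect to 10025; the kernel rewrites the destination port to 25.
-A PREROUTING -i $iface -p tcp --dport 10025 -j REDIRECT --to-ports 25
COMMIT
*filter
:INPUT ACCEPT [0:0]
# INPUT runs after NAT, so redirected packets already show dport 25 here.
# 1. The spam filter may reach port 25 directly.
-A INPUT -i $iface -p tcp -s $filter_ip --dport 25 -j ACCEPT
# 2. Connections whose original (pre-NAT) destination port was 10025.
-A INPUT -i $iface -p tcp --dport 25 -m conntrack --ctorigdstport 10025 -j ACCEPT
# 3. Everything else aimed at port 25 on this interface.
-A INPUT -i $iface -p tcp --dport 25 -j DROP
COMMIT
EOF
}

# Print the ruleset when called as: script IFACE SPAMFILTER_IP
if [ "$#" -eq 2 ]; then
    mail_ruleset "$1" "$2"
fi
```

Check the output with `iptables-restore --test` before loading it; without `--noflush`, loading replaces the current contents of the nat and filter tables.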


spangberg 03-26-2010 05:48 AM

Thanks!

Worked with both options, now I just have to decide which one to use... :)

// Tomas


All times are GMT -5.