Originally Posted by spangberg
I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. The problem is that I want our users to be able to connect via port 10025, which is forwarded to port 25, which is then blocked...
How can I get this to work? Any ideas?
One option is to:
- run your mail daemon on port 10025 instead, and
- create iptables rules that redirect from 25 to 10025.
Another is to run the daemon on both 25 and 10025: allow access to the spam filter on 25 only, and access for everyone else on 10025.
# filter table: accept the spam filter's connections to 25 on eth0
iptables -I INPUT -i eth0 -s spamfilter -p tcp --dport 25 -j ACCEPT
# nat table: rewrite the spam filter's connections to x.x.x.x:25 so they land on x.x.x.x:10025
iptables -t nat -I PREROUTING -s spamfilter -p tcp -d x.x.x.x --dport 25 -j DNAT --to x.x.x.x:10025
# same rewrite for connections coming from x.x.x.x itself
iptables -t nat -I PREROUTING -s x.x.x.x -p tcp -d x.x.x.x --dport 25 -j DNAT --to x.x.x.x:10025
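Both options from the reply above, written out as a complete script (an added example, not the poster's rules). It assumes a placeholder spam-filter address `SPAMFILTER`, the interface `IFACE`, and an `ipt` wrapper that only prints the commands while `DRY_RUN=1`, so it can be reviewed before being applied as root with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example; the addresses below are constructed placeholders.
SPAMFILTER="${SPAMFILTER:-198.51.100.10}"   # external spam filter (RFC 5737 documentation address)
IFACE="${IFACE:-eth0}"                      # public interface the mail server listens on
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print the rules, 0 = hand them to iptables

# ipt prints the rule in dry-run mode and executes it otherwise.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Option 1: the daemon listens on 10025 only. nat/PREROUTING runs before
# filter/INPUT, so only the spam filter's connections to 25 are redirected
# to 10025; everyone else's connections to 25 still arrive at INPUT with
# dport 25 and are dropped there.
option1_rules() {
    ipt -t nat -A PREROUTING -i "$IFACE" -s "$SPAMFILTER" -p tcp --dport 25 -j REDIRECT --to-ports 10025
    ipt -A INPUT -i "$IFACE" -p tcp --dport 10025 -j ACCEPT
    ipt -A INPUT -i "$IFACE" -p tcp --dport 25 -j DROP
}

# Option 2: the daemon listens on both 25 and 10025. Port 25 is opened for
# the spam filter only; the rule order matters because the first match wins.
option2_rules() {
    ipt -A INPUT -i "$IFACE" -s "$SPAMFILTER" -p tcp --dport 25 -j ACCEPT
    ipt -A INPUT -i "$IFACE" -p tcp --dport 25 -j DROP
    ipt -A INPUT -i "$IFACE" -p tcp --dport 10025 -j ACCEPT
}

# Print option 1's rules; run with DRY_RUN=0 as root to apply them instead.
option1_rules
```

The ordering in option 1 is what the original setup was missing: a DNAT from 10025 to 25 happens in PREROUTING, so by the time the filter INPUT chain sees the packet its destination port is already 25 and a "block 25" rule catches it. Redirecting in the other direction (25 to 10025, and only for the spam filter) keeps the filter rules simple, and `iptables -t nat -L -n` / `iptables -L INPUT -n --line-numbers` show the resulting rule order for verification.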