LinuxQuestions.org - Linux - Networking - iptables question
https://www.linuxquestions.org/questions/linux-networking-3/iptables-question-638629/

mraray 04-29-2008 06:50 AM

iptables question
 
Hi Everyone.

I am replacing a router appliance with a linux box.

The router has two interfaces: the public IP (DSL) on ppp0, call it 1.2.3.4, and the local network on eth0 (192.168.0.1).

There are DNATs set up for port 110 (to allow people from the outside to check email on an internal server (192.168.0.1)).

Some people also use the public IP to access email from within the private network, so they access 1.2.3.4 from within 192.168.0.0/24 and it is redirected by the router appliance back to the internal server.
E.g. a client (192.168.0.51) accesses 1.2.3.4:110; this goes via the router, and the router then relays it to 192.168.0.2 (all within the same subnet!).

I have tried using a guide similar to one for transparent proxying, but it just doesn't go anywhere... any suggestions? Basically I just want the router to redirect/relay to a different machine on the same subnet.


Thanks,
Andrew.

rayfordj 04-29-2008 07:03 AM

Maybe something like this (going from memory; may need to check position, switches, ... for accuracy if you get any errors):
Code:

# nat/PREROUTING: rewrite the destination of POP3 arriving on the DSL link to the mail server
iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 110 -j DNAT --to 192.168.0.2:110
# filter/FORWARD: let the rewritten connection through to the mail server
iptables -I FORWARD -i ppp0 -d 192.168.0.2 -p tcp --dport 110 -j ACCEPT

You'll also want a typical "RELATED,ESTABLISHED" ACCEPT rule, the ip_conntrack module(s), and to have enabled IP forwarding.

Since the Linux router "owns" both the IP on ppp0 and eth0, it should respond to your clients on the LAN regardless of the interface that the request comes in on.

Hope this helps.
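Added example (not code posted by anyone in this thread): a complete ruleset for the layout the original poster describes, covering both the Internet-facing DNAT and the "hairpin" case where a LAN client connects to the public IP. The interface names, addresses and port (ppp0, eth0, 1.2.3.4, 192.168.0.0/24, 192.168.0.2, 110) are taken from the thread as assumptions; the `run` helper and `DRY_RUN` switch are this example's own, so the script can be previewed without root or iptables. The hairpin case needs two things beyond the rules above: a DNAT that also matches on eth0 when the destination is the public IP, and a MASQUERADE on the LAN side for those flows. Without the MASQUERADE, after DNAT the mail server sees the client's real LAN address and answers it directly with a source of 192.168.0.2, an address the client never connected to, so the client drops the SYN-ACK and the handshake never completes.

```shell
#!/bin/sh
# Hairpin (NAT loopback) DNAT for a Linux router replacing a DSL appliance.
# All values below are assumptions taken from the thread, not a fixed layout.
WAN_IF=${WAN_IF:-ppp0}              # public side, carries PUBLIC_IP
LAN_IF=${LAN_IF:-eth0}              # LAN side, 192.168.0.1 on the router
PUBLIC_IP=${PUBLIC_IP:-1.2.3.4}
LAN_NET=${LAN_NET:-192.168.0.0/24}
MAIL=${MAIL:-192.168.0.2}           # internal POP3 server
PORT=${PORT:-110}
DRY_RUN=${DRY_RUN:-0}               # 1 = print the commands instead of running them

# Run a command, or print it when DRY_RUN=1 (lets the script be reviewed unprivileged).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

hairpin_rules() {
    # 1. Internet -> mail server: rewrite the destination before routing.
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$MAIL:$PORT"

    # 2. LAN -> public IP -> mail server: the same rewrite for packets that
    #    arrive on the LAN side addressed to the router's own public IP.
    #    PREROUTING runs before the routing decision, so the packet is
    #    forwarded to MAIL instead of being delivered locally.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -d "$PUBLIC_IP" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$MAIL:$PORT"

    # 3. Return path for the hairpin flows: source-NAT them to the router's
    #    LAN address so the server replies to the router, which un-NATs the
    #    reply back to PUBLIC_IP for the client. Only LAN-originated traffic
    #    to MAIL:PORT is matched; Internet clients keep their real source.
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$MAIL" \
        -p tcp --dport "$PORT" -j MASQUERADE

    # 4. Filter: allow replies to tracked connections, and new connections
    #    to the mail server whichever interface they came in on.
    run iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -d "$MAIL" -p tcp --dport "$PORT" -m state --state NEW -j ACCEPT

    # 5. Ordinary outbound masquerading for the LAN over the DSL link.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Stand-alone use: DRY_RUN=1 sh hairpin.sh   (preview)
#                  sh hairpin.sh              (apply, as root)
if [ "${HAIRPIN_NO_MAIN:-0}" != 1 ]; then
    enable_forwarding
    hairpin_rules
fi
```

Check the result with `iptables -t nat -L PREROUTING -n -v` and watch the packet counters on rule 2 while a LAN client connects to 1.2.3.4:110; if rule 2 counts but the connection stalls, rule 3 is the one to inspect. The filter rules here use `-m state`, which matches the "RELATED,ESTABLISHED" wording in the reply above; `-m conntrack --ctstate` is the equivalent on newer iptables.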

fancylad 04-29-2008 09:46 AM

If the hosts are on the same subnet as the mail server, why not just access it directly instead of going through the router? Do you have a DNS server? If so, then just make an entry for 192.168.0.1 that maps to that hostname. If there is no DNS server, then modify the /etc/hosts files on all the host computers. Or just configure each machine's respective email client to use the IP address of the mail server.
