Iptables redirect problem
I am trying to configure a program called pop3vscan(pop3vscan.sourceforge.net) that sits on your network and hijacks pop3 mail download requests from peers on the network, making the request itself so it can download and virus scan the mail before it sends it on to the original requesting desktop. (very cool ;] ) The program grabs packets on port 110, extracts the dest mail server, and makes a connection with that server. It requires iptables for its packet redirection and linux 2.4.
I am running RedHat 7.3 and have sucessfully compiled the program. I had to shut off ipchains and turn on iptables:
chkconfig --level 0123456 ipchains off
service ipchains stop
chkconfig --level 235 iptables on
service iptables start
I received no errors in doing this. I then followed the directions in the program to set iptables for redirect:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport pop3 -j REDIRECT --to 8110
However, it seems that iptables is not working correctly or is ignoring the packets or something.. I can see the service running, netstat shows listen on 8110 and syslog shows the service is waiting for connections. But when I make one of the clients request mail, I see no activity on my pop3virus scan box, and the client goes directly to its mail server and downloads itself.
I changed the clients outlook properties to make the request directly to my virus scan box on port 110, and in syslog I see the program connect and extract the "real" pop3 host address which in this case is the box ip itself because thats where I set it to connect in outlook. It then dies becuase it can't connect to the "real" pop3 server (itself).
I think this shows the program is infact working, and would work if I could get the box to redirect the mail requests it sees on the LAN to itself. I can only assume this is some kind of iptables problem..?
I am a linux newbie and do not know how to debug/check if iptables is working correctly or where the tables are actually stored. I did an iptables -L and nothing came up, although I think its not related.
When I told outlook to connect directly to my virus box on port 8110, I got the same kind of message in syslog ("real" mail server address is my virus box ip) except it helpfully told me that this would loop
Last edited by soltrain; 08-02-2003 at 04:38 PM.