LinuxQuestions.org
Old 06-25-2007, 10:11 AM   #1
ajaimes
Member
 
Registered: Dec 2004
Distribution: Ubuntu
Posts: 34

Rep: Reputation: 15
Route port 25 to interface eth2


Hello guys!

I have a network with an internal mail server and a Linux proxy. I wonder if there's a way to tell iptables to route all internal SMTP (25) traffic (coming to the proxy through eth1) to the external interface eth2?

This is what I have, but it does not do the work:

iptables -A INPUT -i eth1 -p tcp --destination-port 25 -j ACCEPT

It's worth mentioning that I have two external interfaces (eth2 and eth3) and SMTP traffic should only go out using eth2.

Thank you
Andi.
 
Old 06-25-2007, 07:26 PM   #2
ajaimes
Member
 
Registered: Dec 2004
Distribution: Ubuntu
Posts: 34

Original Poster
Rep: Reputation: 15
Please help me!!!

I have improved my rule but it still does not work:

iptables -I FORWARD 1 -p tcp -i eth1 --dport 25 -o eth2 -j ACCEPT
 
Old 06-25-2007, 07:34 PM   #3
ajaimes
Member
 
Registered: Dec 2004
Distribution: Ubuntu
Posts: 34

Original Poster
Rep: Reputation: 15
Do you think the reason might be the order in which INPUT, FORWARD and OUTPUT are evaluated? Which is the right order?
 
Old 06-25-2007, 07:44 PM   #4
wildar
Member
 
Registered: Jan 2007
Distribution: Mandriva 2008, Mandrake 2005, Ubuntu 8.04.1
Posts: 239

Rep: Reputation: 30
Try it this way:

iptables -A FORWARD -p tcp -i eth1 -o eth2 -s 0/0 --dport 25 -j ACCEPT
 
Old 06-25-2007, 07:46 PM   #5
manwichmakesameal
Member
 
Registered: Aug 2006
Distribution: Slackware
Posts: 800

Rep: Reputation: 100
It kinda depends on what rules you have before it. If you have a rule to drop all traffic on a certain port or range of ports on a certain interface, and the port and interface you need is included in that rule, it will be dropped before it even gets to your rule.
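
Added example, not part of the original thread or any poster's code: a small sh function that walks rules in `iptables -S` format from top to bottom and reports which rule decides a packet, illustrating the ordering point in the post above. The ruleset is constructed, and `first_match` is a hypothetical helper that compares only the interface, protocol and destination-port matches.

```shell
#!/bin/sh
# Constructed sample in `iptables -S FORWARD` format (not the poster's ruleset).
RULES='-P FORWARD DROP
-A FORWARD -i eth1 -p tcp -m tcp --dport 1:1023 -j DROP
-A FORWARD -i eth1 -o eth2 -p tcp -m tcp --dport 25 -j ACCEPT'

# first_match IIF OIF PROTO DPORT (hypothetical helper)
# Prints "<rule number> <target>" for the first matching rule whose target is
# ACCEPT, DROP or REJECT, or "policy <target>" when no rule decides.
# Simplification: only -i, -o, -p and --dport (port or lo:hi) are compared;
# other matches are ignored and user-defined chains are not followed.
first_match() {
    iif=$1 oif=$2 proto=$3 dport=$4
    printf '%s\n' "$RULES" | (
        set -f                      # no globbing while word-splitting rules
        n=0 policy=ACCEPT
        while read -r line; do
            set -- $line
            case $1 in
                -P) policy=$3; continue ;;
                -A) n=$((n + 1)); shift 2 ;;
                *)  continue ;;
            esac
            ok=1 target=
            while [ $# -gt 0 ]; do
                case $1 in
                    -i) [ "$2" = "$iif" ] || ok=0; shift ;;
                    -o) [ "$2" = "$oif" ] || ok=0; shift ;;
                    -p) [ "$2" = "$proto" ] || ok=0; shift ;;
                    --dport)
                        lo=${2%%:*} hi=${2##*:}
                        { [ "$dport" -ge "$lo" ] && [ "$dport" -le "$hi" ]; } || ok=0
                        shift ;;
                    -j) target=$2; shift ;;
                esac
                shift
            done
            case $target in
                ACCEPT|DROP|REJECT)
                    if [ "$ok" = 1 ]; then echo "$n $target"; exit 0; fi ;;
            esac
        done
        echo "policy $policy"
    )
}

first_match eth1 eth2 tcp 25    # the DROP at rule 1 decides; rule 2 is never reached
```

To check a live chain, set `RULES="$(iptables -S FORWARD)"` before calling the function; `iptables -L FORWARD -v -n --line-numbers` shows the same order with per-rule packet counters.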
 
Old 06-25-2007, 07:54 PM   #6
ajaimes
Member
 
Registered: Dec 2004
Distribution: Ubuntu
Posts: 34

Original Poster
Rep: Reputation: 15
Thank you wildar, but it didn't work; mail is still going through eth3... :-(

What do you think about the order idea?

Now I know the correct order is INPUT, FORWARD, OUTPUT so my guess is there should be a rule in INPUT that looks for port 25 and redirects it to FORWARD... I tried doing it but iptables says the syntax is wrong:

iptables -I INPUT 1 -p tcp -i eth1 -o eth2 -s 0/0 --dport 25 -j FORWARD
 
Old 06-25-2007, 07:59 PM   #7
ajaimes
Member
 
Registered: Dec 2004
Distribution: Ubuntu
Posts: 34

Original Poster
Rep: Reputation: 15
Hi manwichmakesameal, I have these rules in INPUT:

Chain INPUT (policy DROP)
target     prot opt in     out     source               destination
ACCEPT     0    --  *      *       192.168.10.0/24      192.168.10.1/24
ACCEPT     0    --  *      *       0.0.0.0/24           0.0.0.0/24

What I understand is that if this applies first, then all traffic is being manipulated by INPUT and not by FORWARD... Am I right?
 
Old 06-26-2007, 09:45 AM   #8
ajaimes
Member
 
Registered: Dec 2004
Distribution: Ubuntu
Posts: 34

Original Poster
Rep: Reputation: 15
Any ideas?
 
Old 06-27-2007, 02:39 AM   #9
rossonieri#1
Member
 
Registered: Jun 2007
Posts: 359

Rep: Reputation: 34
Hi,

Why don't you do the inverse operation:
blocking other port to destination 25, except the one you want.

HTH.
 
  


All times are GMT -5.