Linux - Networking
I am testing my setup, which will have 2 public servers, HTTP & MAIL, both with reverse DNS established.
www.mydomain.no -> xxx.xxx.xxx.034 -> internal name server
mail.mydomain.no -> xxx.xxx.xxx.035 -> internal name mail
Both addresses are on the same NIC with 34 being the main address.
The system works fine except for one thing. The IP address mail sends out from is the Firewall Address _FW. I can see why, as the default gateway set on the mail server is the FW_IP (the main gateway IP).
How can I get the MAIL server to send through its own public IP?
I understand I can change the Firewall public IP to that of the Mail server and that would cure the problem for now. If it's possible, I would like to learn a little in the process.
Clip from a test email's routing information:
Received: from mail.mydomain.no (www.mydomain.no [xxx.xxx.xxx.34])
I have the following in my iptables:
# PUBLIC_IP_FW & PUBLIC_IP_SP are the same but will allow future changes without major rewrite
PUBLIC_IP_FW="xxx.xxx.xxx.34"
PUBLIC_IP_SP="xxx.xxx.xxx.34"
PUBLIC_IP_MAIL="xxx.xxx.xxx.35"
# Default gateway IP Address
FW_IP="192.168.1.1"
SERVER_IP="192.168.1.10"
MAIL_IP="192.168.1.20"
# SERVER SERVER - HTTP HTTPS RDP BIM-SERVER - xxx.xxx.xxx.34
iptables -A FORWARD -p tcp -d $SERVER_IP -m multiport --dports $SERVER_PORTS -j ACCEPT
# MAIL SERVER - SMTP HTTP POP IMAP HTTPS RDP - xxx.xxx.xxx.35
iptables -A FORWARD -p tcp -d $MAIL_IP -m multiport --dports $MAIL_PORTS -j ACCEPT
iptables -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
iptables -A OUTPUT -p ALL -s $FW_IP -j ACCEPT
iptables -A OUTPUT -p ALL -s $PUBLIC_IP_FW -j ACCEPT
iptables -A OUTPUT -p ALL -s $PUBLIC_IP_MAIL -j ACCEPT
# SERVER SERVER
iptables -t nat -A PREROUTING -d $PUBLIC_IP_SP -p tcp -m multiport --dports $SERVER_PORTS -j DNAT --to $SERVER_IP
# MAIL SERVER
iptables -t nat -A PREROUTING -d $PUBLIC_IP_MAIL -p tcp -m multiport --dports $MAIL_PORTS -j DNAT --to $MAIL_IP
# SERVER SERVER
iptables -t nat -A POSTROUTING -d $SERVER_IP -s $LOCAL_NET -j SNAT --to-source $FW_IP
# MAIL SERVER
iptables -t nat -A POSTROUTING -d $MAIL_IP -s $LOCAL_NET -p tcp -m multiport --dports $MAIL_PORTS -j SNAT --to-source $FW_IP
# Masquerade to internet
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source $PUBLIC_IP_FW
Look, this rule means:
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source $PUBLIC_IP_FW
change EVERY packet's IP that goes out from interface ETH1 to IP=$PUBLIC_IP_FW.
That rule doesn't care about "what's inside" the traffic, it cares only about the outgoing interface.
You can add "--dports $MAIL_PORT" to that rule.
BUT you have to remember that iptables checks rules from TOP to BOTTOM, so if the most detailed rule is below the most common one, it will never be reached.
Please, post output of the command "iptables-save", WITHOUT any private IPs.
Then, when you press enter, this rule will go to iptables immediately, but you need to check it.
Type "iptables-save", and in the output you have to find your new rule BETWEEN:
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 19...
--> HERE
-A POSTROUTING -o eth1 -j SNAT --to...
As long as you already used the "-o eth1" and "--dports" instructions, you need to add something else which describes the difference. It can be a destination address, "-d x.x.x.x", if it is static.
Or, like you did, if the source IP is different.
And you need to add the new rules to the start script, to load them all together at every boot.
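The fix the replies describe (a source-specific SNAT rule for the mail host placed above the catch-all "-o eth1" rule) and the iptables-save check they suggest, as an added example that is not code from the thread. It reuses the poster's variable names; the public IPs are constructed TEST-NET placeholders for xxx.xxx.xxx.34 and xxx.xxx.xxx.35, and the iptables-save excerpt is constructed, not captured output.

```shell
#!/bin/sh
# Added example, not code from the thread. Variable names follow the
# poster's script; the public IPs are constructed TEST-NET placeholders
# standing in for xxx.xxx.xxx.34 and xxx.xxx.xxx.35.
PUBLIC_IP_FW="203.0.113.34"
PUBLIC_IP_MAIL="203.0.113.35"
MAIL_IP="192.168.1.20"
WAN_IF="eth1"

# Emit the POSTROUTING SNAT rules in the order the chain must hold them:
# the source-specific mail rule first, the catch-all last. The kernel
# stops at the first matching rule, so a packet from the mail host must
# meet its own rule before the "-o eth1" catch-all. Pipe into sh as root
# to load, and keep the same order in the boot-time script.
snat_rules() {
    printf '%s\n' \
      "iptables -t nat -A POSTROUTING -o $WAN_IF -s $MAIL_IP -j SNAT --to-source $PUBLIC_IP_MAIL" \
      "iptables -t nat -A POSTROUTING -o $WAN_IF -j SNAT --to-source $PUBLIC_IP_FW"
}

# Read iptables-save output on stdin and check that the mail-specific SNAT
# rule precedes the catch-all in nat/POSTROUTING. Returns 0 when the order
# is right, 1 when the catch-all comes first or a rule is missing, which is
# the symptom in the thread: mail leaves with the firewall's public address.
check_snat_order() {
    awk -v wan="$WAN_IF" -v mail="$MAIL_IP" -v pub="$PUBLIC_IP_MAIL" '
        /^-A POSTROUTING / && $0 ~ ("-s " mail "(/32)? ") &&
            $0 ~ ("--to-source " pub "$") { spec = NR }
        /^-A POSTROUTING / && $0 ~ ("-o " wan " -j SNAT") &&
            !($0 ~ "-s ") { catchall = NR }
        END { exit ((spec && catchall && spec < catchall) ? 0 : 1) }'
}

# Constructed iptables-save excerpt (not real output) with the rules in the
# correct order; the first line is the poster's LAN-to-server SNAT rule.
SAMPLE_SAVE='-A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.10/32 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -s 192.168.1.20/32 -o eth1 -j SNAT --to-source 203.0.113.35
-A POSTROUTING -o eth1 -j SNAT --to-source 203.0.113.34'
```

After sourcing the file on the firewall, `snat_rules | sh` (as root) loads the rules and `iptables-save | check_snat_order && echo order ok` confirms the placement the replies ask you to verify.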