LinuxQuestions.org


jackaninny 10-19-2010 12:45 PM

Probably a simple Shorewall question - forward new email traffic to 2nd server
 
We purchased another company that has their own domain and email server (Exchange). The server sits inside our network now but I need to accept email traffic for their domain through my firewall and forward it to an internal email server for a few weeks while we transition users off of that server. Essentially I need to run a second email server inside our network EXCEPT that this particular email server will only be getting traffic from 5 specific IP addresses since they use a service to filter their email.

Is it wise to allow all traffic from those specific IP addresses through and forward them to the Exchange server IP address? I know the company and trust them. Also will my plan work? Most of all how do I configure Shorewall to do this forwarding? Thanks in advance.

jackaninny 10-19-2010 06:52 PM

So I answered my own question.

DNAT net:123.123.123.0/24 loc:192.168.1.50:25 tcp 25

Will forward all requests from 123.123.123.0 network to the second email server running on 192.168.1.50. (Note this line needs to go before your normal email server DNAT entry or it won't get processed correctly.)

I also needed the following line to allow the second email server to send mail OUT through the firewall

ACCEPT loc:192.168.1.50 net tcp 25

All pretty basic but maybe it will help someone else out in the future.
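The ordering note in the post above can be checked mechanically. This is an added example, not part of the original post or of Shorewall: a small Python check that flags a source-restricted DNAT rule listed after a broader DNAT rule for the same zone, protocol and port. The sample files are constructed, 192.168.1.10 is an assumed address for the existing mail server, and the parser assumes sources are plain IPv4 addresses or CIDRs in a comma-separated list.

```python
import ipaddress

# Constructed sample: the general mail DNAT comes first, so the
# source-restricted rule for the second server is never reached.
SAMPLE_BAD = """\
#ACTION  SOURCE                DEST                 PROTO  DPORT
DNAT     net                   loc:192.168.1.10:25  tcp    25
DNAT     net:123.123.123.0/24  loc:192.168.1.50:25  tcp    25
ACCEPT   loc:192.168.1.50      net                  tcp    25
"""

# Constructed sample: the restricted rule precedes the general one.
SAMPLE_GOOD = """\
#ACTION  SOURCE                DEST                 PROTO  DPORT
DNAT     net:123.123.123.0/24  loc:192.168.1.50:25  tcp    25
DNAT     net                   loc:192.168.1.10:25  tcp    25
ACCEPT   loc:192.168.1.50      net                  tcp    25
"""

ANY = [ipaddress.ip_network("0.0.0.0/0")]


def parse_dnat(text):
    """Return (lineno, zone, source_networks, proto, dport) per DNAT rule."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 5 or fields[0] != "DNAT":
            continue
        zone, _, hosts = fields[1].partition(":")
        nets = ([ipaddress.ip_network(h, strict=False) for h in hosts.split(",")]
                if hosts else ANY)  # a bare zone means any source address
        rules.append((lineno, zone, nets, fields[3], fields[4]))
    return rules


def shadowed_dnat(text):
    """Return (shadowed_line, earlier_line) pairs, first match wins."""
    rules = parse_dnat(text)
    hits = []
    for i, (lineno, zone, nets, proto, dport) in enumerate(rules):
        for prev_no, pzone, pnets, pproto, pdport in rules[:i]:
            same_service = (pzone, pproto, pdport) == (zone, proto, dport)
            # Shadowed when every source of this rule is covered earlier.
            covered = all(any(n.subnet_of(p) for p in pnets) for n in nets)
            if same_service and covered:
                hits.append((lineno, prev_no))
                break
    return hits
```

`shadowed_dnat(SAMPLE_BAD)` reports line 3 as shadowed by line 2; the corrected ordering returns an empty list.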

win32sux 10-19-2010 07:15 PM

Thank you for taking the time to share with us your solution.


All times are GMT -5.