iptables & dnat how to pass original src ip/domain info
Hello,
I have set up iptables to DNAT SMTP traffic to my local mail server, but I lose the original IP/domain info in the process. Since sendmail is set up to reject all other traffic except that which is trusted, the NAT traffic appears to come from a trusted source and it seems I'm presently an open relay.
How can I NAT the traffic w/o losing the original source info?
Here are my iptables rules for SMTP:
$IPTABLES -t nat -A OUTPUT --dst $INET_IP -p tcp --dport 25 -j DNAT \
    --to-destination $MAIL_SERVER
$IPTABLES -A FORWARD -i $INET_IFACE -p tcp \
    -d $MAIL_SERVER --dport 25 -m state --state NEW -j ACCEPT
Thanks!