iptables and ESMTP protocol

coal-fire-ice · 05-17-2007, 08:58 AM

i have a two machine setup where i have one machine as a mail server with ssl ESMTP on port 465, and the other machine to forward users from port 25 to port 465.

the first server - i.e. the one doing the esmtp is working fine.

i have used commands as following for the iptables bit;

Quote:

iptables -A PREROUTING -t nat -p tcp -d xxx.xxx.xxx.253 --dport 25 -j DNAT --to xxx.xxx.xxx.220:465
iptables -I FORWARD -p tcp -d xxx.xxx.xxx.253 --dport 465 -j ACCEPT
iptables -A POSTROUTING -t nat -p tcp -d xxx.xxx.xxx.220 --dport 465 -j SNAT --to xxx.xxx.xxx.253
echo 1 | tee /proc/sys/net/ipv4/ip_forward

i know that iptables itself works because i am forwarding other protocols with the same server, but on this particular one all i get is a timeout when connecting with a mail-client.

is there something about the esmtp protocol that prevents it from talking back along this to the client computer.

thanks.

Centinul · 05-18-2007, 06:24 AM

Should:

Code:

iptables -I FORWARD -p tcp -d xxx.xxx.xxx.253 --dport 465 -j ACCEPT

be

Code:

iptables -I FORWARD -p tcp -d xxx.xxx.xxx.220 --dport 465 -j ACCEPT

Maybe I'm misunderstanding but the .253 IP has a dport of 25 in the IPTables rule above this one and I would think you would want a dport rule for .220.

HTH,

Centinul

coal-fire-ice · 05-20-2007, 11:35 AM

im so busy at the moment that i havent had time to try it out yet, but looking at the other two ports that i had configured they use the same format of 3 rules. both the others work. -- i shall when i get a free moment try it anyway, because perhaps for the other two protocols that rule is unneccessary. i dont know.

thanks anyway.

coal-fire-ice · 05-21-2007, 05:42 AM

no - i tried it, still the same problem