Old 12-03-2013, 05:42 AM   #1
piquezino
LQ Newbie
 
Registered: Aug 2012
Location: Troyes, France
Distribution: Ubuntu
Posts: 15

Rep: Reputation: Disabled
Iptables port forwarding impossible to port 25


Hello

I have a server at home and one very small server in a datacenter.

I use iptables with NAT to forward the server in the datacenter to my server at home.

The problem is when I want to forward port 25. It works when I use this rule:
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
But with this rule, all input traffic uses the datacenter server's IP (for example, I can't see my IP in the access.log, but I see the datacenter server's IP).

When I use this iptables rule, all seems to work:
Code:
iptables -t nat -A POSTROUTING -s MY_HOME_IP -o eth0 -j MASQUERADE
HTTP traffic works, IMAP and POP too, but not SMTP traffic: I get a connection refused.

I use these iptables rules to forward ports to my home server's IP address:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport <PORT> -j DNAT --to <MY_HOME_IP>:<PORT>
I think the packet is lost because it never reaches the mail server.

Thanks for any help!

Last edited by piquezino; 12-03-2013 at 06:21 AM.
 
Old 12-03-2013, 09:51 AM   #2
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 982
Blog Entries: 2

Rep: Reputation: 244
Is it possible your DC's ISP routes port 25 traffic to their own smarthost?
 
Old 12-03-2013, 10:53 AM   #3
piquezino
LQ Newbie
 
Registered: Aug 2012
Location: Troyes, France
Distribution: Ubuntu
Posts: 15

Original Poster
Rep: Reputation: Disabled
No, when I telnet to my home server's IP address via my datacenter server, it works.
 
Old 12-03-2013, 12:29 PM   #4
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,797

Rep: Reputation: 2222
When you do that successful telnet, are you going to port 25? Many ISPs do not allow port 25 traffic on residential accounts.
 
Old 12-03-2013, 01:38 PM   #5
piquezino
LQ Newbie
 
Registered: Aug 2012
Location: Troyes, France
Distribution: Ubuntu
Posts: 15

Original Poster
Rep: Reputation: Disabled
When I telnet on port 25, that works. Only if I use my home IP address or the server IP address when I use the first masquerade rule.

It's when I specify a source IP in the masquerade that it blocks.

My ISP blocks the outgoing traffic, but it's not a problem.

When I use the dedicated server IP with the source option (-s) in the masquerade rule:
Quote:
[root@Nix ~]# telnet 178.33.197.xxx 25
Trying 178.33.197.163...
^C
When I telnet to my home IP from the dedicated server:

Quote:
[root@Hermes ~]# telnet 109.219.229.xxx 25
Trying 109.219.229.xxx...
Connected to 109.219.229.xxx.
Escape character is '^]'.
220 mail.xxxxxxxxx.eu ESMTP (Debian/GNU)
^]
telnet> quit
Connection closed.
When I telnet to my server IP from a friend's server with no source option in my iptables rule:

Quote:
[root@Mercury ~]# telnet 178.33.197.xxx 25
Trying 178.33.197.xxx...
Connected to 178.33.197.xxx.
Escape character is '^]'.
220 mail.xxxxxxxxx.eu ESMTP (Debian/GNU)
^]
telnet> quit
Connection closed.
The problem with this rule is that when I specify no option in the masquerade rule, all IPs are rewritten to 178.33.197.xxx (INPUT and OUTPUT).

Last edited by piquezino; 12-03-2013 at 01:48 PM.
 