LinuxQuestions.org


mudasirm 12-01-2008 04:43 AM

PORT FORWARDING for POP and SMTP
 
I am trying to do Port Forwarding for POP and SMTP. My scenario is as follows:

INTERNET --> (eth1 -- real ip) LINUX FIREWALL (eth0 -- class C) --> Windows XP MAIL SERVER

The Mail Server is not on Linux; it's using Windows XP.

The Mail Server is also on a Class C IP. I am trying to do Port Forwarding for ports 25 and 110, but am unable to achieve it. I am using the following IPTABLES rules to do so:

Code:

NETWORK=eth0
INTERNET=eth1
REAL_IP=xx.xx.xx.xx
MAIL_SERVER=xx.xx.xx.xx

iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 25 -j DNAT --to-destination $MAIL_SERVER:25
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 110 -j DNAT --to-destination $MAIL_SERVER:110

iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT

iptables -t nat -A POSTROUTING -o $INTERNET -p tcp --dport 25 -j SNAT --to-source $REAL_IP
iptables -t nat -A POSTROUTING -o $INTERNET -p tcp --dport 110 -j SNAT --to-source $REAL_IP

These rules are not working; however, when I try to do Port Forwarding for other ports like VNC or HTTP in a similar manner

Code:


iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j DNAT --to-destination $MAIL_SERVER:80
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 5900 -j DNAT --to-destination $MAIL_SERVER:5900

These rules work perfectly.

When I send mail from Hotmail or any other mail service I am able to receive it at my internal mail server, but when I send mail from my mail server I am unable to receive mails anywhere else except on the same domain.
And when I use a router instead of a Linux machine for port forwarding, everything works fine, including MAIL TRANSFER from and to the domain.


I think there might be something that I am missing or doing wrong. Please help me out with this.

Looking forward for a positive reply.

datopdog 12-01-2008 07:43 AM

This is really not a firewall, as you are allowing all inbound connections to the firewall using this rule.

Code:

iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Nothing is also stopping your outbound SMTP connection, as your FORWARD chain has policy allow.

You need to check on the Windows machine; it could be a default gw issue. If not, then troubleshoot using tcpdump and telnet.
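
The two weaknesses named in the reply above (an INPUT rule that accepts state NEW with no other match, and a FORWARD policy of ACCEPT) can be checked mechanically. The following is an added example, not part of the original thread: the function names `audit_rules`, `posted_rules` and `tightened_rules` are hypothetical, and the "tightened" fragment is constructed only to show rules the check does not flag.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables commands read on stdin.
# Prints one finding per line; returns 1 if anything was flagged.
audit_rules() {
    awk '
    { sub(/#.*/, ""); sub(/[ \t\r]+$/, "") }      # drop comments, trailing blanks
    $1 != "iptables" { next }

    # FORWARD policy ACCEPT: anything routed through the box passes by default.
    $2 == "-P" && $3 == "FORWARD" && $4 == "ACCEPT" {
        print "line " NR ": FORWARD policy is ACCEPT"; bad = 1; next
    }

    # INPUT rule whose only match is a state list containing NEW:
    # it accepts every new connection to the firewall itself.
    $2 == "-A" && $3 == "INPUT" && /--state [A-Z,]*NEW/ && /-j ACCEPT$/ {
        r = $0
        sub(/^iptables +-A +INPUT +/, "", r)
        sub(/-m +state +--state +[A-Z,]+ +/, "", r)
        sub(/-j +ACCEPT$/, "", r)
        if (r == "") { print "line " NR ": INPUT accepts all NEW connections"; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Policy and INPUT lines as posted in the first message of the thread.
posted_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed counter-example: default-deny forwarding, NEW limited to LAN-side SSH.
tightened_rules() {
    cat <<'EOF'
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j ACCEPT
EOF
}

posted_rules | audit_rules || true
```

With a FORWARD policy of DROP, the DNAT'd SMTP and POP traffic needs its own explicit FORWARD accept rules, which the constructed fragment leaves out.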

mudasirm 12-02-2008 12:44 AM

Hi,

Dear, I know this is not a firewall. In reality I am using the MANGLE table to mark all KNOWN hosts and DROP all unknown hosts, and these DROP rules are at the top of all other rules, which makes these rules work fine for me.

The only issue is with SENDING mails from my mail server, not with receiving mails.

I have no access to the Windows machine; it is a pre-configured IBM machine which I am not allowed to do anything with.

And can you tell me how I can use TCPDUMP to trace packets and debug this issue?

Telnet to the mail server is working fine even from a REMOTE location; that's why I am confused about why the mail transfer is not working.

datopdog 12-02-2008 01:34 AM

The debugging would only work if you had access to the Windows machine, but you can still simulate that using another machine on the LAN. You need to listen on your internal interface as well as the external interface and see what happens to the packets.

mudasirm 12-02-2008 11:09 PM

Hi,

Dear, I cannot simulate this scenario; as I said, the Windows machine has been pre-configured by IBM, so I don't know what the settings are.

And regarding watching the internal and external interfaces, I have been doing that for about 3 days and still don't understand where the packets are dropping.

Anyway, now I will try something new, and if it works I will post it here.

And I really appreciate your help.

hasanatizaz 12-03-2008 12:59 PM

Hello mudasir bhai, congrats on your RHCE and good to see you here.

