Hello,
This is a little problem I can't solve for now, so I'm asking for help in case there is something simple and obvious I have missed...
Well, on the x.x.x.x box, for locally generated traffic, the dst address should be changed for every packet going to y.y.y.y:25 (tcp) to z.z.z.z:25.
And I did:

#> iptables -I OUTPUT -t nat -p tcp -d y.y.y.y --dport 25 -j DNAT --to z.z.z.z:25
Now, when I test whether this is working, no connection is made:

#> telnet y.y.y.y 25
Trying y.y.y.y ....
On the other hand, tethereal on the output interface (eth5) shows that the first packet goes out OK (dst changed, SYN flag set), the 2nd comes back fine as well (SYN,ACK, to the same source port), but the 3rd one, going out of the box, has the RST flag set and a new source port........
1. X.X.X.X -> Z.Z.Z.Z TCP 50384 > 25 [SYN] Seq=1195885807 Ack=0 Win=5840 Len=0
2. Z.Z.Z.Z -> X.X.X.X TCP 25 > 50384 [SYN, ACK] Seq=2431219150 Ack=1195885808 Win=8760 Len=0
3. X.X.X.X -> Z.Z.Z.Z TCP 1037 > 25 [RST] Seq=1195885808 Ack=0 Win=0 Len=0
                                ^^^^
4. Z.Z.Z.Z -> X.X.X.X TCP 25 > 50384 [SYN, ACK] Seq=2431219150 Ack=1195885808 Win=8760 Len=0
5. X.X.X.X -> Z.Z.Z.Z TCP 1037 > 25 [RST] Seq=1195885808 Ack=0 Win=0 Len=0
6. X.X.X.X -> Z.Z.Z.Z TCP 50384 > 25 [SYN] Seq=1195885807 Ack=0 Win=5840 Len=0
7. Z.Z.Z.Z -> X.X.X.X TCP 25 > 50384 [ACK] Seq=2431219151 Ack=1195885808 Win=8760 Len=0
8. X.X.X.X -> Z.Z.Z.Z TCP 1037 > 25 [RST] Seq=1195885808 Ack=0 Win=0 Len=0
9. Z.Z.Z.Z -> X.X.X.X TCP 25 > 50384 [SYN, ACK] Seq=2431219150 Ack=1195885808 Win=8760 Len=0
10. X.X.X.X -> Z.Z.Z.Z TCP 1037 > 25 [RST] Seq=1195885808 Ack=0 Win=0 Len=0
...
...
By the way, this box has several interfaces, among which one is on the local network, eth0 (192.168.3.3), and another, eth5 (x.x.x.x), is on the ISP's LAN, so SNAT is done:

#> iptables -I POSTROUTING -t nat -i eth0 -o eth5 -d x.x.x.0/24 -j SNAT --to x.x.x.x
Also, (static) routing is ok...
So how can I transfer traffic destined for one mail server to another one, without changing DNS data for a specific domain (i.e. the MX record)??
