Good Day!

I have a firewall with two NICs. My configuration:

domain - mydomain.com
eth0 - facing the internet
eth1 - secured network (say, 192.168.1.1)

I'm planning to forward all mails using mydomain.com into my virtual mail
server (say, 192.168.1.2). Obviously I made use of ports 25 (SMTP) and 110
(POP3) here. I did something like:

#iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to 192.168.1.2:25
#iptables -A FORWARD -p TCP -d 192.168.1.2 --dport 25 -s 0.0.0.0/0 -j ACCEPT
#iptables -t nat -A PREROUTING -p tcp --dport 110 -i eth0 -j DNAT --to 192.168.1.2:110
#iptables -A FORWARD -p TCP -d 192.168.1.2 --dport 110 -s 0.0.0.0/0 -j ACCEPT

#iptables-save > /etc/sysconfig/iptables

When I do "iptables -t nat -L" it says:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere           tcp dpt:smtp to:192.168.1.2:25
DNAT       tcp  --  anywhere             anywhere           tcp dpt:pop3 to:192.168.1.2:110

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


"iptables -L" it says:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.1.2        tcp dpt:smtp
ACCEPT     tcp  --  anywhere             192.168.1.2        tcp dpt:pop3

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I test by telnetting from a remote computer:

#telnet <eth0's ip add> 25
Trying xxx.xxx.xxx.xxx...

In here it seems like I can't connect using ports 25 and 110.

When I try to use nmap to determine whether ports 25 and 110 are open:

#nmap xxx.xxx.xxx.xxx

it says:

25/tcp     filtered    smtp
110/tcp    filtered    pop-3

I figured out that my forwarding doesn't seem to work at all. Did I miss
something here? What seems to be the problem? Please help!!!

Thanks,

Oliver

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
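
A DNAT rule in PREROUTING only rewrites the destination address; the packet still has to be routed by the kernel (/proc/sys/net/ipv4/ip_forward set to 1) and accepted in the FORWARD chain. The script below is an added example, not part of the original post: it checks both conditions against iptables-save output. check_dnat and sample_rules are hypothetical helper names, and the rule dump is constructed from the rules quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post. check_dnat and sample_rules are
# hypothetical helpers; the dump below is constructed from the rules in the post.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.2:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.2:110
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.1.2/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -d 192.168.1.2/32 -p tcp -m tcp --dport 110 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin; $1 is the content of
# /proc/sys/net/ipv4/ip_forward. Simplification: only FORWARD ACCEPT rules with
# an exact -d/--dport match are considered; rule order, -s and -i are ignored.
check_dnat() {
    awk -v fwd="$1" '
    # Return the word following option "opt" on the current rule, or "".
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
        dnat[arg("--to-destination")] = 1          # key: ip:port
    }
    $1 == "-A" && $2 == "FORWARD" && arg("-j") == "ACCEPT" {
        ip = arg("-d"); sub(/\/32$/, "", ip)
        allow[ip ":" arg("--dport")] = 1
    }
    END {
        if (fwd != "1") print "FAIL ip_forward=" fwd ": kernel will not route DNATed packets"
        for (t in dnat) {
            if (t in allow)              print "OK   " t " accepted by FORWARD rule"
            else if (policy == "ACCEPT") print "OK   " t " accepted by FORWARD policy"
            else                         print "FAIL " t " has no matching FORWARD accept"
        }
    }' | LC_ALL=C sort
}

sample_rules | check_dnat 1    # live: iptables-save | check_dnat "$(cat /proc/sys/net/ipv4/ip_forward)"
```

If every line reports OK on the firewall itself, the rules and routing are in place there, and the remaining places to look are upstream filtering of the port and the mail server's own return route.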