Support CETEMMSA wrote:
> Sorry for my ignorance but I think that is possible with iptables rules.
>
> I would mask all traffic from 192.168.10.24 to tcp port 25 with real ip in
> the firewall/gateway server.
>
> Is not possible?

No, you've missed the point. The DNAT will take care of translating the source address of the outgoing packets & dest address of incoming packets - that's not a problem. But mail programs will "chat" as part of the pre-amble to exchanging a message, and part of that preamble typically contains the host name (or IP address).

I suspect the problem will be in the HELO clause, where one server says HELO to the other:

    $ telnet somemx.somedomain.com 25
    Connected to somemx.somedomain.com.
    Escape character is '^]'.
    220 somemx.somedomain.com ESMTP Postfix (Debian/GNU)
    HELO somesender.somotherdomain.com
    250 somemx.somedomain.com
    ...

The hostname used by the recipient (somemx.somedomain.com in this example) will largely be ignored, but many receiving servers will do some sanity checks on the hostname given in the HELO statement (somesender.somotherdomain.com here). While technically there is no requirement for this to be anything specific, it is normally expected to be the hostname of the sending device as a FQDN, or at least its public IP address.

It would not surprise me to find that people block mails from devices that identify themselves as an RFC1918 private address. A properly configured mail server should not do this, but a spam bot looking up its hostname in many networks is likely to do so.

Postfix allows this to be set by putting "myhostname = somemx.somedomain.com" in /etc/postfix/main.cf.

-- 
Simon Hobson
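The kind of HELO sanity check the reply describes, sketched as an added example (not code from the thread, and not how Postfix or any particular server implements it). The function name `classify_helo` and the verdict strings are hypothetical, and the policy is an assumption chosen to mirror the reply: an FQDN or public address passes, an RFC1918 address or unqualified name is flagged.

```python
import ipaddress
import re

# RFC 1918 private ranges, the case the reply singles out.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_helo(arg):
    """Return an illustrative verdict for a client's HELO/EHLO argument."""
    arg = arg.strip()
    if not arg:
        return "reject: empty"
    # Accept both the bracketed address literal and the bare form,
    # which also shows up in practice.
    literal = arg[1:-1] if arg.startswith("[") and arg.endswith("]") else arg
    if literal.lower().startswith("ipv6:"):
        literal = literal[5:]
    try:
        ip = ipaddress.ip_address(literal)
    except ValueError:
        ip = None
    if ip is not None:
        if any(ip in net for net in RFC1918):
            return "suspicious: RFC1918 address"
        if ip.is_loopback:
            return "suspicious: loopback address"
        return "ok: address literal"
    labels = arg.rstrip(".").split(".")
    if not all(LABEL.match(label) for label in labels) or labels[-1].isdigit():
        return "reject: malformed hostname"
    if len(labels) < 2:
        return "suspicious: not fully qualified"
    return "ok: fqdn"


if __name__ == "__main__":
    # Constructed sample arguments; the first two come from the thread.
    for sample in ("somesender.somotherdomain.com", "192.168.10.24",
                   "[203.0.113.5]", "localhost", "bad_host.example.com"):
        print(f"{sample:32} {classify_helo(sample)}")
```

Running it against the name a NATed sender actually announces shows why rewriting addresses at the gateway does not change the outcome: the HELO argument travels inside the SMTP payload, which the NAT rule never touches.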
