Thanks a lot for your answers. I found the solution in the file masq. Thanks works ok but the mail servers rejects my emails because these use the internal IP of my server (I need to configure the SMTP for not use the internal ip).
Thanks a lot Toni -----Mensaje original----- De: Tom Eastep [mailto:[email protected]] Enviado el: miércoles, 15 de abril de 2009 16:13 Para: Shorewall Users Asunto: Re: [Shorewall-users] How to mask the internal ip of my mail server Simon Hobson wrote: > Support CETEMMSA wrote: > >> Sorry for my ignorance but I think that is possible with iptables rules. >> >> I would mask all traffic from 192.168.10.24 to tcp port 25 with real ip in >> the firewall/gateway server. >> >> Is not possible? > > No, you've missed the point. The DNAT will take care of translating > the source address of the outgoing packets & dest address of incoming > packets - that's not a problem. That's actually the role of SNAT, not DNAT :-) But you are correct -- no communication with the net would be possible without an appropriate entry in /etc/shorewall/masq. If the firewall were really sending packets with an RFC 1918 source IP, when ANY remote server responded, the responses would go into the bit bucket. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ---------------------------------------------------------------------------- -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
