[WBEL-users] OT iptables DNAT forwarding

Ed Groth ekg@tricity.wsu.edu
Thu, 26 Feb 2004 14:46:36 -0800


Daniel T. Gynn [Thu, Feb 26, 2004 at 12:52:03PM -0500]
> I know this is off topic, but I figured I'd give it a shot.
> 
> I am going crazy trying to forward pop3 requests to another server.
> Everywhere I see on the internet, it seems to be correct. If I access
> from an internal address, it seems to work, but from an external one, it
> just times out. My rules are:
> 
> $IPTABLES -A PREROUTING -t nat -p tcp --dport 110 -j DNAT --to $POP3
> $IPTABLES -A FORWARD -p tcp --dport pop3 -j ACCEPT
> 
> 
> I've even tried setting all rules to ACCEPT and it still won't work. Am
> I forgetting something?

Destination NAT only works when you're sure that all traffic passes
through the machine doing it.  I don't think you're making this mistake
but it's a common "gotcha" so I figured I'd mention it.

The other thing is that it looks to me like your iptables rules forward *all*
pop3 traffic destined to *any* host to your pop3 server _except_ when destined to
your machine.  You might want to add a destination host argument to the
PREROUTING command, and add an $IPTABLES -A INPUT -p tcp --dport pop3 -j ACCEPT. 
I'm not sure if the latter command is necessary, but you might try it.

Also, I haven't played with iptables for a while and this might be completely
wrong! :v)

  Ed

> 
> 
> -- 
> -----------------------
> Daniel T. Gynn
> RHCE #806200978201621
> Essential Systems, Inc.
> 412-931-5403 ext. 1
> fax: 412-931-5425
> dan.gynn@essensys.com
> GnuPG Key http://www.essensys.com/~dan/gpgring.asc
> Fingerprint: 0979 73B8 847A 349E 7363  66F4 6A79 DD72 495D CD60
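
A complete version of the port forward discussed above, as an added example that is not from either poster. It restricts the DNAT to the router's own external address, matches FORWARD on the rewritten destination, and enables IP forwarding. The interface name, addresses and the IPTABLES variable are placeholders; by default the script only prints the iptables commands (IPTABLES="echo iptables"), set IPTABLES=iptables to apply them on a router.

```shell
#!/bin/sh
# Added example (not code from the thread): DNAT pop3 (tcp/110) arriving at the
# router's public address to an internal pop3 server.
# Assumptions (placeholders, not from the thread): EXT_IF, EXT_IP, POP3 and the
# IPTABLES variable. Default is a dry run that echoes the commands.

IPTABLES="${IPTABLES:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"            # interface facing the Internet
EXT_IP="${EXT_IP:-203.0.113.10}"    # router's public address (constructed, TEST-NET-3)
POP3="${POP3:-192.168.1.20}"        # internal pop3 server (constructed)

enable_forwarding() {
    # Without this the kernel never moves packets between interfaces, and
    # the DNAT rule alone does nothing useful.
    if [ "$IPTABLES" = "iptables" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

pop3_dnat_rules() {
    # Match only connections that come in on the external interface for the
    # router's own address. Without -i/-d, the PREROUTING rule would also
    # redirect LAN clients' pop3 sessions to any Internet host into $POP3.
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" \
        -p tcp --dport 110 -j DNAT --to-destination "$POP3:110"

    # PREROUTING/nat runs before the FORWARD filter, so by the time the
    # packet reaches FORWARD its destination is already $POP3, not $EXT_IP.
    # DNATed packets never traverse INPUT; INPUT only matters for pop3
    # connections to the router itself.
    $IPTABLES -A FORWARD -i "$EXT_IF" -d "$POP3" -p tcp --dport 110 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # Replies from the server go through FORWARD in the other direction;
    # they are un-NATed automatically by conntrack on the way out.
    # This only works if the server's route back to the client (normally
    # its default gateway) goes through this router, otherwise the reply
    # leaves with the server's private address and the client times out.
    $IPTABLES -A FORWARD -o "$EXT_IF" -s "$POP3" -p tcp --sport 110 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Returns 0 when the generated rules contain the destination-host restriction
# and the rewritten-destination FORWARD match, so a dry run can be checked.
check_rules() {
    out=$(pop3_dnat_rules)
    echo "$out" | grep -q -- "-d $EXT_IP" || return 1
    echo "$out" | grep -q -- "-d $POP3 -p tcp --dport 110" || return 1
    echo "$out" | grep -q -- "--to-destination $POP3:110" || return 1
    return 0
}

enable_forwarding
pop3_dnat_rules
```

Run it as-is to review the rules, then with IPTABLES=iptables on the router. A quick sanity check after applying them is `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v`: the packet counters on the DNAT and FORWARD rules should climb while an external client connects; if the DNAT counter climbs but the FORWARD counters don't, forwarding is disabled or an earlier FORWARD rule drops the traffic.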