Forwarding port to external server via iptables

Hi All,

i would like to use my private linux box as a SMTP proxy server. What i
would like to do si the following:


| Any mail client | --> | my server:10025 | --> | external server:25 |


I would like to send emails to an external SMTP server but configure
the email client to use the IP and a specific port on my own server.
This should be possible not only from internal client but from
everywhere.

Is that also possible with iptables or do i need any other piece of
software ?

Any help is highly appreciated!

Thanks, Martin

On 2005-07-21, (E-Mail Removed) <(E-Mail Removed)> wrote:
> i would like to use my private linux box as a SMTP proxy server. What i
> would like to do si the following:
>| Any mail client | --> | my server:10025 | --> | external server:25 |

I'd configure an smtp server to listen to port 10025 for incoming
connection and then relay the mail externally. But be sure to use
smtp authentication, otherwise you'd open up a relay that could
(and will) be used for spamming all over the world.

Davide

--
Internet is so big, so powerfull and so pointless, that for more people
is a substitute for life.

Unfortunately that's not an option because i have to ensure that the
mail header will not list the "proxy" server. Therefore i would like to
simply forward the connection.

Thanks, Martin

(E-Mail Removed) wrote:
> Hi All,
>
> i would like to use my private linux box as a SMTP proxy server. What i
> would like to do si the following:
>
>
> | Any mail client | --> | my server:10025 | --> | external server:25 |
>
>
> I would like to send emails to an external SMTP server but configure
> the email client to use the IP and a specific port on my own server.
> This should be possible not only from internal client but from
> everywhere.
>
> Is that also possible with iptables or do i need any other piece of
> software ?
>
> Any help is highly appreciated!
>
> Thanks, Martin

I think this should do it [disclaimer: not tested!!]. I do something
rather simular for news servers, but without the port mapping.

iptables -A PREROUTING -p tcp -m tcp --dport 10025 -j DNAT \
--to-destination $EXTERNAL_SERVERS_IP:25

iptables -A POSTROUTING -d $EXTERNAL_SERVERS_IP -p tcp -m tcp \
--dport 25 -j SNAT --to-source $THIS_SERVERS_IP

Chris
--
Get control of Peer-to-peer traffic with linux firewalls.
http://www.lowth.com/rope
Minimal "false positive" matching of eDonkey, Bittorrent,
Gnutella etc.

>iptables -A PREROUTING -p tcp -m tcp --dport 10025 -j DNAT \
> --to-destination $EXTERNAL_SERVERS_IP:25
>
>iptables -A POSTROUTING -d $EXTERNAL_SERVERS_IP -p tcp -m tcp \
> --dport 25 -j SNAT --to-source $THIS_SERVERS_IP
>
>Chris

Don't forget to specify the table! And if I'm not mistaken, the
POSTROUTING rule is unnecessary. The nat table does some magic in the
background that makes sure that the return packets are correctly
routed/NATed.

Try this:
iptables -t nat -A PREROUTING -p tcp --dport 10025 -j DNAT --to
EXTERNAL_SERVER_IP:25

you can stick a "-d $MY_IP" in there if you only want to affect traffic
going to a particular interface.

Note that *on the command line* the "-m tcp" isn't necessary if you use
"-p tcp". If it's in an iptables-save file, they both must be there.
Also, "--to" can double for "--to-destination" or "--to-source".

Also, never forget to turn on IPv4 forwarding! Either echo 1 >
/proc/sys/net/ipv4/ip_forward, or edit your sysctl.conf file for
cross-reboot persistence.