On Tuesday 13 November 2001 06:05, Ray Leach wrote:
No, I'm trying to do reverse masq (incoming) to the mail server.
Let's see how the packets should go according to your rules:

Incoming Packet:
client:
SRC=client_IP DST=MX_Mailserver_IP
on the firewall:
SRC=client_IP DST=internal_Mailserver_IP (Prerouting rule)
- IMHO this one goes only through the FORWARD chain, not the INPUT (man iptables)
- Is the routing on the firewall ok?
- Is forwarding in the kernel enabled?

Mailserver gets this packet and answers:

Outgoing Packet:
on the mailserver:
SRC=internal_Mailserver_IP DST=client_IP
- Is the routing on the mailserver ok?
on the firewall:
IMHO SRC should now be masqueraded to MX_Mailserver_IP so that the client gets the right answer packet

Another solution could be:
You could also omit the prerouting rule and work with official IPs all the time, as your mailserver already has one. In this case you only have to allow forwarding of these packets. Plus give your mailserver interface both the internal and official IP addresses (should work on windoze too..)

Andreas Baetz
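
The inbound path walked through in the message above, written out as a rule set plus the kernel-forwarding check. This is an added example, not part of the original message or of the poster's actual rules; the addresses, interface names and the function names `smtp_dnat_rules` and `forwarding_enabled` are constructed placeholders.

```shell
#!/bin/sh
# Added example. All values below are constructed placeholders (assumptions).
MX_IP="${MX_IP:-203.0.113.25}"      # official address the MX record points to
MAIL_IP="${MAIL_IP:-192.168.1.25}"  # internal address of the mail server
EXT_IF="${EXT_IF:-eth0}"            # Internet-facing interface of the firewall
INT_IF="${INT_IF:-eth1}"            # LAN-facing interface of the firewall

# Print the rule set instead of applying it, so it can be reviewed first.
# To apply, pipe the output into "sh" as root on the firewall.
smtp_dnat_rules() {
    cat <<EOF
# 1. nat/PREROUTING rewrites DST before the routing decision is made.
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $MX_IP --dport 25 -j DNAT --to-destination $MAIL_IP:25
# 2. DST is now a non-local address, so the packet traverses FORWARD, not INPUT.
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $MAIL_IP --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
# 3. Replies from the mail server; connection tracking restores SRC=$MX_IP on them.
iptables -A FORWARD -i $INT_IF -o $EXT_IF -p tcp -s $MAIL_IP --sport 25 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Return 0 when the kernel forwards IPv4 packets, 1 otherwise.
# The optional argument overrides the proc path (used for testing).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Run as "sh script.sh --print" to show the rules and the forwarding state.
if [ "${1:-}" = "--print" ]; then
    smtp_dnat_rules
    if forwarding_enabled; then
        echo "# ip_forward is enabled"
    else
        echo "# ip_forward is DISABLED: DNATed packets will be dropped"
    fi
fi
```

The mail server still needs a route back to the client through the firewall, otherwise the reply never reaches rule 3.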