SMTP port forward

Marek Butas MarekButas at seznam.cz
Tue Aug 21 11:01:28 CEST 2001


Hi

I somehow can't get it working and have no idea where the error is. Masquerading
works, but the port forwarding just won't.
Here is an excerpt from the script.

#!/bin/sh
# chkconfig: 2345 11 89
# description: Sets up a firewall ruleset, uses iptables.

# Modify the routing table
route add -host X.X.X.X/32 dev eth0
route add -host 10.0.1.1/32 dev eth1
route add -net 10.0.0.0 netmask 255.255.255.0 dev eth1 gw 10.0.1.3

# Load modules
/sbin/depmod -a
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

echo "1" > /proc/sys/net/ipv4/ip_forward

# Flush all the rules in the filter and nat tables
iptables -F
iptables -t nat -F

# Set default policy for FORWARD chain to DENY
iptables -P FORWARD DROP

# Modify FORWARD chain - accept outgoing packets from both subnets
iptables -A FORWARD -i eth1 -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.0.1.0/24 -j ACCEPT

# Modify FORWARD chain - accept incoming packets for both subnets
iptables -A FORWARD -i eth0 -d 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 10.0.1.0/24 -j ACCEPT

# Masquerade
iptables -t nat -P POSTROUTING DROP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# SMTP forwarding
iptables -t nat -A PREROUTING -p TCP -d X.X.X.X --dport 25 -j DNAT --to 10.0.1.2:25
iptables -A FORWARD -i eth0 -o eth1 -p TCP -d 10.0.1.2 --dport 25 -j ACCEPT

It does do "something". Telnet to any other port is refused immediately
(Connection refused), but on the smtp port it tries and nothing happens.


And I would have one more question. Nothing is listening on port 25 on the
machine X.X.X.X (it is blocked in xinetd), but I guess that is correct.

Thanks a lot
Marek Butas
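An added example, not part of the original post: a small Python model of how the first packet of a new connection walks the posted ruleset (nat PREROUTING, routing decision, filter FORWARD, nat POSTROUTING). It shows that with the posted `iptables -t nat -P POSTROUTING DROP` the DNATed SMTP SYN leaves via eth1, misses the `-o eth0 -j MASQUERADE` rule and falls to the DROP policy, which matches the silent hang described, while the same SYN is forwarded once the nat POSTROUTING policy is ACCEPT. The public address, the client address and the assumption that 10.0.0.0/24 and 10.0.1.0/24 both sit behind eth1 are constructed stand-ins.

```python
from ipaddress import ip_address, ip_network
PUBLIC_IP = "203.0.113.10"  # constructed stand-in for X.X.X.X in the post

def route(dst):
    # Assumption: 10.0.0.0/24 and 10.0.1.0/24 (10.0.0.0/23) sit behind eth1.
    return "eth1" if ip_address(dst) in ip_network("10.0.0.0/23") else "eth0"

def matches(rule, pkt):
    # All keys except "target" must match; src/dst are prefix matches.
    for key, want in rule.items():
        if key in ("src", "dst"):
            if ip_address(pkt[key]) not in ip_network(want, strict=False):
                return False
        elif key != "target" and pkt.get(key) != want:
            return False
    return True

def walk(chain, policy, pkt):
    # First matching rule wins; otherwise the chain policy applies.
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

def first_packet_verdict(pkt, rs):
    # nat PREROUTING -> routing decision -> filter FORWARD -> nat POSTROUTING
    pkt = dict(pkt)
    v = walk(rs["nat_pre"], "ACCEPT", pkt)
    if isinstance(v, tuple):  # ("DNAT", new_dst) rewrites dst before routing
        pkt["dst"] = v[1]
    pkt["out_if"] = route(pkt["dst"])
    if walk(rs["forward"], "DROP", pkt) != "ACCEPT":
        return "DROP (filter FORWARD)"
    if walk(rs["nat_post"], rs["nat_post_policy"], pkt) == "DROP":
        return "DROP (nat POSTROUTING policy)"
    return f"FORWARD to {pkt['dst']}:{pkt['dport']} via {pkt['out_if']}"

POSTED = {  # the posted ruleset as data; the PREROUTING rule carries no -i
    "nat_pre": [{"proto": "tcp", "dst": PUBLIC_IP, "dport": 25,
                 "target": ("DNAT", "10.0.1.2")}],
    "forward": [{"in_if": "eth1", "src": "10.0.0.0/24", "target": "ACCEPT"},
                {"in_if": "eth1", "src": "10.0.1.0/24", "target": "ACCEPT"},
                {"in_if": "eth0", "dst": "10.0.0.0/24", "target": "ACCEPT"},
                {"in_if": "eth0", "dst": "10.0.1.0/24", "target": "ACCEPT"},
                {"in_if": "eth0", "out_if": "eth1", "proto": "tcp",
                 "dst": "10.0.1.2", "dport": 25, "target": "ACCEPT"}],
    "nat_post": [{"out_if": "eth0", "target": "MASQUERADE"}],
    "nat_post_policy": "DROP"}  # iptables -t nat -P POSTROUTING DROP
FIXED = dict(POSTED, nat_post_policy="ACCEPT")
SMTP_SYN = {"in_if": "eth0", "proto": "tcp", "src": "198.51.100.7",
            "dst": PUBLIC_IP, "dport": 25}  # constructed inbound SYN
```

The same DROP policy also discards the first packet of any connection between the two internal subnets, since those leave via eth1 and never match the MASQUERADE rule either.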
