LINUX.IE, website of the Irish Linux Users' Group

[ILUG] Modifying outgoing packets

JustinMacCarthy macarthy at iol.ie
Wed Sep 12 15:49:04 IST 2001


Some orgs have an internal DNS server with the NAT'ed IP mapped to the DNS name
~J
----- Original Message -----
From: "Conor Daly" <conor.daly at met.ie>
To: <ilug at linux.ie>
Sent: Wednesday, September 12, 2001 1:07 PM
Subject: Re: [ILUG] Modifying outgoing packets


> On Wed, Sep 12, 2001 at 12:13:42PM +0100 or thereabouts, Adrian Flynn wrote:
> > Hi all
> >
> > Could anyone advise how best to modify outgoing IP packets on a 2.2.16
> > machine (using ipchains)?
> > My ISP has moved my mail server which had a public static address, to a
> > private address, and set up a NAT on the firewall. This in itself is not a
> > problem, but a difficulty arises when my mail server attempts to send mail
> > to another NATed mail server within the ISP (many domains). A DNS lookup of
> > the MX records returns the public IP address which is unreachable from
> > within the private network. As far as I can see, there are a few options:
> > 1. Modify the mail server (Postfix) to do the MX lookup, and then check the
> > resulting IP address against a given list of mail servers known to be NATed
> > on our private network. If a match is found, then translate to private IP
> > address and continue as normal.
> > I cannot find an option to do this in Postfix (smtp)
> >
> > 2. Create 'dummy' local DNS MX entries for all domains which require
> > translation.
> > This is messy and requires a lot of maintenance.
> >
> > 3. Manipulate outgoing packets being sent to port 25 of the public IP
> > addresses for known mail servers on the NATed network, rewriting the
> > destination address to the private IP address. As far as I can tell, this is
> > what is known as DNAT in iptables, but this is a 2.2.16 machine so this is
> > not an option without a significant upgrade.
> >
> > Does anyone have any ideas??
>
> AFAICT, you can do that with the ipchains rules.  You need to go get the
> port forwarding patch and then use an ipfwadm rule to forward packets for
> <external.mail.server.ip> 25 to <private.mail.server.ip> 25
>
> I don't remember the details of the patch but it's out there on the ipmasq
> mailing list.  If I get time later, I'll look it up at home.
>
> Conor
> --
> Conor Daly
> Met Eireann, Glasnevin Hill, Dublin 9, Ireland
> Ph +353 1 8064276 Fax +353 1 8064275
> ------------------------------------
>  12:04pm  up 12 days, 19:02,  8 users,  load average: 0.00, 0.06, 0.15
>
> --
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie
>
>
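
Added example, not part of the original thread: a sketch of the internal-DNS approach mentioned in the reply, generating the A-record overrides an internal DNS view would need so that MX hosts behind the NAT resolve to their private addresses. All host names, addresses and the `NAT_MAP` / `PUBLIC_MX` tables are constructed sample data; the output uses generic zone-file `IN A` syntax.

```python
import ipaddress

# RFC 1918 private ranges; a NAT target outside them is treated as a mistake.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: public address on the firewall -> private address behind it.
# Documentation ranges stand in for real public addresses.
NAT_MAP = {
    "192.0.2.10": "10.1.0.10",
    "192.0.2.11": "10.1.0.11",
}

# Constructed sample of what public DNS returns:
# domain -> list of (MX preference, MX host, public A record of that host).
PUBLIC_MX = {
    "customer-a.example": [(10, "mail.customer-a.example", "192.0.2.10")],
    "customer-b.example": [(10, "mx1.customer-b.example", "192.0.2.11"),
                           (20, "backup.isp.example", "198.51.100.7")],
    "outside.example": [(10, "mx.outside.example", "203.0.113.5")],
}


def is_rfc1918(addr):
    """True if addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in RFC1918)


def internal_overrides(public_mx, nat_map):
    """Return sorted zone-file A records for the internal view only.

    Only MX hosts whose public address appears in the NAT table are
    overridden; every other host keeps resolving through public DNS.
    """
    for public, private in nat_map.items():
        ipaddress.ip_address(public)  # validate the key as an IP address
        if not is_rfc1918(private):
            raise ValueError(f"NAT target {private} for {public} is not private")
    overrides = {}
    for records in public_mx.values():
        for _pref, host, public_ip in records:
            private = nat_map.get(public_ip)
            if private is not None:
                overrides[host] = private
    return [f"{host}. IN A {ip}" for host, ip in sorted(overrides.items())]


if __name__ == "__main__":
    print("\n".join(internal_overrides(PUBLIC_MX, NAT_MAP)))
```

The MX records themselves are left alone; only the host names they point at get an internal answer, which keeps the override list tied to the NAT table rather than to every hosted domain.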




