[plug] NAT port forward problem

Cameron Patrick cameron at patrick.wattle.id.au
Tue Sep 18 20:29:22 WST 2007


Adrian Chadd wrote:

> It's a multi-step process:
> 
> * tag the packets in iptables;
> * set up policy routing in iproute2 to select a different routing table based on
>   the marking you did in step 1;
> * configure your mail server to intercept the packets coming to it on port 25

It's definitely possible (or used to be) using less evil than that.  I
seem to recall a different iptables target that you could use to force
the kernel to create a new connection that appeared to originate from
the firewall machine; failing that, you could always use -j REDIRECT to
a local port and do the forwarding in user space...

Cameron
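
The `-j REDIRECT` plus user-space forwarding approach mentioned in the reply, as an added example that is not part of the original post or either poster's code: a minimal TCP relay that accepts the redirected connections and opens a new connection to the real server. The local port 2525, the backend address 192.0.2.10 and the function names are assumptions made for illustration.

```python
# Assumed rule (constructed port and addresses): redirect inbound port 25 to 2525
#   iptables -t nat -A PREROUTING -p tcp --dport 25 -j REDIRECT --to-ports 2525
import socket
import threading

def pump(src, dst):
    """Copy src to dst until EOF, then half-close dst so the peer sees EOF."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass  # connection reset; still attempt the half-close below
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, target):
    """Open a fresh connection to target and relay bytes in both directions."""
    with client:
        try:
            upstream = socket.create_connection(target)
        except OSError:
            return  # backend unreachable: drop the client
        with upstream:
            back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
            back.start()
            pump(client, upstream)
            back.join()

def serve(listen_addr, target):
    """Start the relay in background threads and return the listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen(16)
    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handle, args=(conn, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    serve(("0.0.0.0", 2525), ("192.0.2.10", 25))
    threading.Event().wait()  # keep the process alive for the daemon threads
```

Because the relay opens its own connection, the backend sees the firewall's address as the client, so source-address-based relay rules and logs on the mail server no longer reflect the original sender.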



