[plug] NAT port forward problem
Adrian Chadd
adrian at creative.net.au
Tue Sep 18 20:36:52 WST 2007
On Tue, Sep 18, 2007, Cameron Patrick wrote:
> Adrian Chadd wrote:
>
> > It's a multi-step process:
> >
> > * tag the packets in iptables;
> > * set up policy routing in iproute2 to select a different routing table based on
> > the marking you did in step 1;
> > * configure your mail server to intercept the packets coming to it on port 25
>
> It's definitely possible (or used to be) using less evil than that. I
> seem to recall a different iptables target that you could use to force
> the kernel to create a new connection that appeared to originate from
> the firewall machine; failing that, you could always use -j REDIRECT to
> a local port and do the forwarding in user space...
Sure, for low volumes. For high volumes you end up wasting conntrack/nat
sessions. :)
It's easier under FreeBSD too. ipfw blah blah fwd ip,port.
Adrian
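
The three steps quoted above (mark in iptables, policy-route on the mark, intercept on the mail server), sketched as an added example that is not part of the original thread. The mark value, routing table number, interface names and mail server address are assumptions, and the functions only print the commands for each machine.

```shell
#!/bin/sh
# Added illustration; every value below is an assumption, not from the thread.
MARK=25                # fwmark used to tag inbound SMTP
TABLE=125              # number of the extra routing table
WAN_IF=eth0            # firewall interface facing the outside
LAN_IF=eth1            # firewall interface facing the mail server
MAIL_HOST=192.0.2.10   # mail server (documentation address)

# Commands for the firewall: steps 1 and 2.
router_rules() {
    # Step 1: tag SMTP arriving on the outside interface. The mangle table
    # only marks; the destination address is left unchanged, so no NAT
    # rewrite is involved for this flow on the firewall.
    echo "iptables -t mangle -A PREROUTING -i $WAN_IF -p tcp --dport 25 -j MARK --set-mark $MARK"
    # Step 2: marked packets use a separate routing table whose only
    # route hands them to the mail server as next hop.
    echo "ip rule add fwmark $MARK table $TABLE"
    echo "ip route add default via $MAIL_HOST dev $LAN_IF table $TABLE"
}

# Commands for the mail server: step 3.
mailhost_rules() {
    # The packets still carry the original destination address, which is
    # not local here, so deliver them to the local port 25 listener.
    echo "iptables -t nat -A PREROUTING -p tcp --dport 25 -j REDIRECT --to-ports 25"
}

# Print both rule sets when called with --print.
if [ "${1:-}" = "--print" ]; then
    echo "# on the firewall:";    router_rules
    echo "# on the mail server:"; mailhost_rules
fi
```

Review the printed commands, then run each set as root on the machine it is meant for (for example `router_rules | sh` on the firewall).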