Hi,
saz wrote:
> Hi guys, I have a problem with a configuration that I'm trying to
> do.
> I have two computers with linux, A and B, connected in the same network
> with this configuration:
>
> PC1 A: 192.168.192.1
>
> PC2 B: 192.168.192.30
>
> PC1 A is a firewall doing NAT... this one is connected to the
> internet via an ADSL modem and of course it has its own public IP, and
> router B is an SMTP server but connected behind router A. What
> I'm trying to do is redirect the incoming SMTP traffic of router A
> to router B using iproute2 and netfilter tools.
>
> This is the configuration on the router A:
>
> *iptables -t mangle -A POSTROUTING -p tcp --dport 25 -j MARK --set-mark
> 1* ( this marks the smtp packets with 1 )
>
> I create a table called "smtp" in the rt_tables file.
>
> *ip rule add fwmark 1 table smtp* ( this is the rule for my table smtp )
>
> And finally I declare a via in my smtp table, so the SMTP traffic would
> have to go this way.
>
> *ip route add default via 192.168.192.30 table smtp*
>
> OK... for example, if I telnet to PC1 on port 25, this should
> redirect me to PC2, where my real SMTP server is, but it is not
> working... any idea why? PC2 does not have a firewall.

I think you totally misunderstood a few things. Routing is a different
layer (IP) than port 25 (SMTP, TCP). You cannot redirect TCP port 25
using routing tools.
Here is an example of how to do it.
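# $IPTABLES, $EXTERNAL_INTERFACE, $ANYWHERE and $UNPRIVPORTS are assumed to be
# set earlier in the firewall script; 192.168.1.x stands for the SMTP server.
# Rewrite the destination of incoming SMTP connections to the internal server:
$IPTABLES -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -s $ANYWHERE -p tcp \
    --dport 25 -j DNAT --to-destination 192.168.1.x:25
# Allow the translated connections through the FORWARD chain:
$IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE \
    --sport $UNPRIVPORTS -d 192.168.1.x --dport 25 -j ACCEPT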
I recommend that you read a book about basic networking layers and/or
iptables.
--
Regards,
Nandor
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
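
Added example, not part of the original message: a simplified Python model of the order in which router A processes one inbound packet, showing why the fwmark/policy-routing setup from the question delivers port 25 locally while DNAT in PREROUTING forwards it to 192.168.192.30. The public address 203.0.113.10, the client 198.51.100.7 and all function names are constructed for illustration; only the PREROUTING and POSTROUTING hooks and the rule order (local table, fwmark rule, main table) are modelled.

```python
# Simplified model of how router A handles one inbound packet (added example).
ROUTER_A = {"203.0.113.10", "192.168.192.1"}   # 203.0.113.10: constructed public IP
SMTP_HOST = "192.168.192.30"                   # PC2 from the question

def mark_smtp(pkt):                 # mangle: -p tcp --dport 25 -j MARK --set-mark 1
    if pkt["dport"] == 25:
        pkt["mark"] = 1

def dnat_smtp(pkt):                 # nat PREROUTING: --dport 25 -j DNAT to SMTP_HOST:25
    if pkt["dport"] == 25:
        pkt["dst"] = SMTP_HOST

def route(pkt, fwmark_tables):
    """Policy-routing lookup in rule order: local table, fwmark rules, then main."""
    if pkt["dst"] in ROUTER_A:      # rule 0 (lookup local): deliver to this host
        return ("local", None)
    if pkt.get("mark") in fwmark_tables:
        return ("forward", fwmark_tables[pkt["mark"]])
    return ("forward", pkt["dst"])  # main table: destination is on-link

def traverse(pkt, prerouting=(), postrouting=(), fwmark_tables=None):
    """Hooks in kernel order: PREROUTING, routing decision, POSTROUTING (forwarded only)."""
    pkt = dict(pkt)                 # work on a copy so the sample packet stays unchanged
    for hook in prerouting:
        hook(pkt)
    verdict, next_hop = route(pkt, fwmark_tables or {})
    if verdict == "forward":
        for hook in postrouting:    # runs after routing, cannot change the decision
            hook(pkt)
    return verdict, next_hop, pkt

INBOUND = {"src": "198.51.100.7", "dst": "203.0.113.10", "dport": 25}  # constructed

def original_setup():
    # MARK in POSTROUTING, "ip rule add fwmark 1 table smtp", default via SMTP_HOST
    return traverse(INBOUND, postrouting=[mark_smtp], fwmark_tables={1: SMTP_HOST})

def mark_in_prerouting():
    # Marking earlier does not help: the destination is still router A's own address
    return traverse(INBOUND, prerouting=[mark_smtp], fwmark_tables={1: SMTP_HOST})

def dnat_setup():
    # Destination rewritten before the routing decision, so the packet is forwarded
    return traverse(INBOUND, prerouting=[dnat_smtp])

if __name__ == "__main__":
    for case in (original_setup, mark_in_prerouting, dnat_setup):
        verdict, hop, pkt = case()
        print(f"{case.__name__:20} {verdict:8} next_hop={hop} dst={pkt['dst']}")
```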