* DNAT for locally generated packets
@ 2003-10-14 22:06 Carlo Florendo
From: Carlo Florendo @ 2003-10-14 22:06 UTC (permalink / raw)
  To: netfilter

Hello,

The netfilter howto mentions that DNATting locally generated packets is not
possible in 2.4 kernels.

Is there any work-around for this?

Thanks!

Best Regards,

Carlo
------
Carlo Florendo
Astra Philippines Inc.
http://www.astra.ph

* local DNAT with bind,postfix,and iptables
From: Carlo Florendo @ 2003-10-16 16:55 UTC (permalink / raw)
  To: netfilter

Hello,

I have a box which runs bind, postfix, and iptables (Box A).
This box has 2 interfaces: one facing the net and the other the internal
network.

There's another box behind the firewall that runs postfix and is part of the
internal network.  (Box B).

Here's the setup.

---------------
|   Internet   |
---------------
        |
        |
        |           host: my.company.org
---------------     Pub. IP: 219.21.114.33
|    Box A     |    runs bind, iptables, postfix
---------------     Pri. IP: 192.168.0.1
        |
        |
---------------     host: mx.my.company.org
|    Box B     |    runs postfix
---------------     Pri. IP: 192.168.0.3

There is an MX entry in bind, on Box A, which maps the IP address
219.21.114.34 to mx.my.company.org (Box B).  Although Box B has no interface
that listens on 219.21.114.34, I've done a DNAT from Box A to Box B
so that, when Box A receives a request for 219.21.114.34, it does a DNAT to
192.168.0.3.  This way, Box B can receive the mail it's supposed to receive.

This is how it worked:

iptables -t nat -A PREROUTING -i <public_iface> -d 219.21.114.34 \
    -j DNAT --to 192.168.0.3

Now, here's my problem:

Since the internal network has its mail clients configured to use Box A
as their SMTP server, there should be a way
for Box A to communicate with Box B using 219.21.114.34.

I cannot use Box B's IP 192.168.0.3, since this would break bind.  If I did
this, mail from outside would not reach Box B, since MX requests for
mx.my.company.org would return 192.168.0.3, which is invalid on the Internet.

The only way to do this is for Box A to be able to DNAT to box B using
locally generated connections (that is, connections that would be initiated
by Box A's smtp server).

The howto says that DNAT for locally generated packets is not possible in
2.4 kernels.  Does this still hold true?

Is it possible to DNAT 219.21.114.34 to 192.168.0.3 if connections originate
from 219.21.114.33 (DNAT for locally generated packets)?

This solution obviously does not work:

iptables -t nat -A OUTPUT -s 127.0.0.1 -d 219.21.114.34 -j DNAT --to 192.168.0.3

Any workarounds?  Thanks!

Best Regards,

Carlo
------
Carlo Florendo
Astra Philippines Inc.
www.astra.ph
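The complete rule set for the topology in Carlo's mail, as an added example that is not code from the thread. It keeps his PREROUTING rule for mail arriving from the Internet and adds the piece the mail is asking for: netfilter applies DNAT to packets the box generates itself in the nat table's OUTPUT chain, which PREROUTING never sees. The interface names eth0 (public) and eth1 (internal) are placeholders, the addresses are the ones from the mail, and the rules are restricted to TCP port 25 so that the published address does not become a path to every other service on Box B. The script prints the rules by default and only applies them when IPTABLES=iptables is set.

```shell
#!/bin/sh
# Added example for the setup described above; not code from the thread.
# Assumptions: "eth0" (public) and "eth1" (internal) are placeholder interface
# names; addresses are the ones given in the mail. IPTABLES defaults to
# "echo iptables" so running this prints the rules instead of changing the
# firewall; run with IPTABLES=iptables as root to apply them.

PUB_IF="${PUB_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
MX_PUB=219.21.114.34      # address published in the MX record for mx.my.company.org
MX_PRIV=192.168.0.3       # Box B's real address on the internal network
IPTABLES="${IPTABLES:-echo iptables}"

nat_rules() {
  # Mail arriving from the Internet for the published address: rewrite it on
  # entry, as in the mail, but only for SMTP so the public address does not
  # expose every other port on Box B.
  $IPTABLES -t nat -A PREROUTING -i "$PUB_IF" -d "$MX_PUB" -p tcp --dport 25 \
      -j DNAT --to-destination "$MX_PRIV"
  # Mail relayed by Box A's own postfix: packets Box A generates itself never
  # pass PREROUTING, so netfilter applies DNAT to them in the nat table's
  # OUTPUT chain. No source match is needed; locally generated packets carry
  # Box A's routable address, not 127.0.0.1.
  $IPTABLES -t nat -A OUTPUT -d "$MX_PUB" -p tcp --dport 25 \
      -j DNAT --to-destination "$MX_PRIV"
}

filter_rules() {
  # Forward only what the NAT rule rewrote, in both directions of the
  # connection; everything else from the Internet toward Box B stays blocked.
  $IPTABLES -A FORWARD -i "$PUB_IF" -o "$INT_IF" -d "$MX_PRIV" -p tcp --dport 25 \
      -m state --state NEW,ESTABLISHED -j ACCEPT
  $IPTABLES -A FORWARD -i "$INT_IF" -o "$PUB_IF" -s "$MX_PRIV" -p tcp --sport 25 \
      -m state --state ESTABLISHED -j ACCEPT
}

# Number of rules the NAT set appends to a given nat chain (used for checks).
count_chain() {
  nat_rules | grep -c -- "-A $1 "
}

nat_rules
filter_rules
```

Replies from Box B return through Box A because Box A is Box B's default gateway, and connection tracking reverses the translation on the way back; if Box B ever had another route to 219.21.114.33, an additional POSTROUTING SNAT on the internal interface would be needed to keep the return path on Box A. `--to-destination` is the full spelling of the `--to` option used in the mail.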