[ILUG] Modifying outgoing packets

Adrian Flynn adrian.flynn at worldtravel.ie
Wed Sep 12 12:14:19 IST 2001


Hi all

Could anyone advise how best to modify outgoing IP packets on a 2.2.16
machine (using ipchains)?
My ISP has moved my mail server which had a public static address, to a
private address, and set up a NAT on the firewall. This in itself is not a
problem, but a difficulty arises when my mail server attempts to send mail
to another NATed mail server within the ISP (many domains). A DNS lookup of
the MX records returns the public IP address which is unreachable from
within the private network. As far as I can see, there are a few options:
1.	Modify the mail server (Postfix) to do the MX lookup, and then check the
resulting IP address against a given list of mail servers known to be NATed
on our private network. If a match is found, then translate to private IP
address and continue as normal.
	I cannot find an option to do this in Postfix (smtp)

2.	Create 'dummy' local DNS MX entries for all domains which require
translation.
	This is messy and requires a lot of maintenance.

3.	Manipulate outgoing packets being sent to port 25 of the public IP
addresses for known mail servers on the NATed network, rewriting the
destination address to the private IP address. As far as I can tell, this is
what is known as DNAT in iptables, but this is a 2.2.16 machine so this is
not an option without a significant upgrade.

Does anyone have any ideas??

Thanks again

Adrian Flynn
World Travel Centre
35 Pearse Street
Dublin 2
Ireland
Ph +353-1-6717155
Fx +353-1-6777756
Email adrian.flynn at worldtravel.ie
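
Option 3 above, as an added example that is not part of the original post: a shell function that turns a public-to-private address map into iptables DNAT rules for SMTP connections originated by the mail server itself. It assumes an iptables-capable kernel (not the 2.2.16/ipchains machine described in the post); the addresses are constructed sample values and the names `NAT_MAP`, `is_ipv4` and `gen_dnat_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: print (do not apply) DNAT rules for option 3.
# Assumes an iptables-capable kernel; all addresses are constructed samples.

# Constructed map, one "public_ip private_ip" pair per line.
NAT_MAP='
# public      private
192.0.2.10    10.0.0.10
192.0.2.11    10.0.0.11
not-an-ip     10.0.0.12
'

# Succeed only for a dotted quad whose octets are all in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one rule per valid map entry. The rules go in the nat table's
# OUTPUT chain because the connections are generated locally by the MTA;
# PREROUTING only sees packets arriving from the network.
gen_dnat_rules() {
    printf '%s\n' "$1" | while read -r public private rest; do
        case "$public" in ''|'#'*) continue ;; esac
        if is_ipv4 "$public" && is_ipv4 "$private"; then
            echo "iptables -t nat -A OUTPUT -p tcp -d $public --dport 25 -j DNAT --to-destination $private:25"
        else
            # Refuse to emit a rule from a malformed line.
            echo "skipped invalid entry: $public $private" >&2
        fi
    done
}

gen_dnat_rules "$NAT_MAP"
```

The function only prints the rules, so the output can be reviewed before it is applied as root.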
