[ILUG] Modifying outgoing packets
JustinMacCarthy
macarthy at iol.ie
Wed Sep 12 15:49:04 IST 2001
Some orgs have an internal DNS server with the NAT'ed IP mapped to the DNS name
~J
----- Original Message -----
From: "Conor Daly" <conor.daly at met.ie>
To: <ilug at linux.ie>
Sent: Wednesday, September 12, 2001 1:07 PM
Subject: Re: [ILUG] Modifying outgoing packets
> On Wed, Sep 12, 2001 at 12:13:42PM +0100 or thereabouts, Adrian Flynn wrote:
> > Hi all
> >
> > Could anyone advise how best to modify outgoing IP packets on a 2.2.16
> > machine (using ipchains)?
> > My ISP has moved my mail server which had a public static address, to a
> > private address, and set up a NAT on the firewall. This in itself is not a
> > problem, but a difficulty arises when my mail server attempts to send mail
> > to another NATed mail server within the ISP (many domains). A DNS lookup of
> > the MX records returns the public IP address which is unreachable from
> > within the private network. As far as I can see, there are a few options:
> > 1. Modify the mail server (Postfix) to do the MX lookup, and then check the
> > resulting IP address against a given list of mail servers known to be NATed
> > on our private network. If a match is found, then translate to private IP
> > address and continue as normal.
> > I cannot find an option to do this in Postfix (smtp)
> >
> > 2. Create 'dummy' local DNS MX entries for all domains which require
> > translation.
> > This is messy and requires a lot of maintenance.
> >
> > 3. Manipulate outgoing packets being sent to port 25 of the public IP
> > addresses for known mail servers on the NATed network, rewriting the
> > destination address to the private IP address. As far as I can tell, this is
> > what is known as DNAT in iptables, but this is a 2.2.16 machine so this is
> > not an option without a significant upgrade.
> >
> > Does anyone have any ideas??
>
> AFAICT, you can do that with the ipchains rules. You need to go get the
> port forwarding patch and then use an ipfwadm rule to forward packets for
> <external.mail.server.ip> 25 to <private.mail.server.ip> 25
>
> I don't remember the details of the patch but it's out there on the ipmasq
> mailing list. If I get time later, I'll look it up at home.
>
> Conor
> --
> Conor Daly
> Met Eireann, Glasnevin Hill, Dublin 9, Ireland
> Ph +353 1 8064276 Fax +353 1 8064275
> ------------------------------------
> 12:04pm up 12 days, 19:02, 8 users, load average: 0.00, 0.06, 0.15