Good day. I have to forward email ports from the local net to the whole world. At the same time I have a local email server that functions too. Therefore I have to divide the requests between those coming to the local one and those that go to the outer one.

Having said that, I have:

    world's net - 1.1.1.1
    local net - 192.168.0.0/24
    iptables firewall, w/ running email server - 192.168.0.1
    eth0 - the world's net
    eth1 - the local one

Here is how I try to accomplish this:

    /sbin/iptables -A FORWARD -i eth1 -s 192.168.0.0/24 -p tcp -m multiport --dports 25,110 -j ACCEPT
    /sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 25000 -j DNAT --to-destination ______:25
    /sbin/iptables -t nat -A POSTROUTING -i eth1 -s 192.168.0.0/24 -j SNAT --to-source=1.1.1.1

My questions are:

1. Is it all correct/safe in any way, or needs additional correction?
2. _______ - what should I use here in case I do not want to limit the access to a single email server?

Thank You for Your time.
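
Rules like the three above can be checked offline before they are loaded on the firewall. The following is an added example, not part of the original message: a small sh lint that applies iptables' documented restrictions (`-i` matches only in INPUT, FORWARD and PREROUTING; `-o` only in FORWARD, OUTPUT and POSTROUTING; NAT targets only in the nat table and their own chains). The function names `lint_rule` and `lint_all` are hypothetical.

```shell
# Added example: flag iptables rules whose options cannot match in their chain.
# lint_rule RULE prints one finding per line and returns 1 if it found any.
lint_rule() {
    table=filter; chain=; target=; in_if=; out_if=; prev=; rc=0
    set -f                              # split on spaces without globbing
    for word in $1; do
        case $prev in
            -t) table=$word ;;
            -A|-I) chain=$word ;;
            -j) target=$word ;;
            -i) in_if=$word ;;
            -o) out_if=$word ;;
        esac
        prev=$word
    done
    set +f
    # No input interface exists in OUTPUT/POSTROUTING, no output one in INPUT/PREROUTING.
    case $chain in OUTPUT|POSTROUTING)
        if [ -n "$in_if" ]; then echo "$chain: -i $in_if is not valid here"; rc=1; fi ;;
    esac
    case $chain in INPUT|PREROUTING)
        if [ -n "$out_if" ]; then echo "$chain: -o $out_if is not valid here"; rc=1; fi ;;
    esac
    # NAT targets are only valid in the nat table and in specific built-in chains.
    case $target in
        DNAT) ok="PREROUTING OUTPUT" ;;
        SNAT) ok="POSTROUTING INPUT" ;;
        MASQUERADE) ok="POSTROUTING" ;;
        *) return $rc ;;
    esac
    if [ "$table" != nat ]; then echo "$target: needs -t nat, rule uses $table"; rc=1; fi
    case $chain in INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING)
        case " $ok " in
            *" $chain "*) ;;
            *) echo "$target: not valid in $chain (allowed: $ok)"; rc=1 ;;
        esac ;;
    esac
    return $rc
}

# The three rules from the post; the blank DNAT destination is kept as posted.
RULES='/sbin/iptables -A FORWARD -i eth1 -s 192.168.0.0/24 -p tcp -m multiport --dports 25,110 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 25000 -j DNAT --to-destination ______:25
/sbin/iptables -t nat -A POSTROUTING -i eth1 -s 192.168.0.0/24 -j SNAT --to-source=1.1.1.1'

lint_all() {                            # lint every line of RULES
    printf '%s\n' "$RULES" | while IFS= read -r rule; do lint_rule "$rule" || true; done
}
lint_all
```

The lint only inspects option and chain combinations; it does not judge whether the addresses or ports are the right ones for the network described.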