Le 01/07/2017 à 03:25, Igor Cicimov a écrit :
You know what, i just checked the iptables rules the op sent again and
realized this:
-A POSTROUTING -d 10.7.33.109/32 <http://10.7.33.109/32> -p tcp -m tcp
--dport 25 -j SNAT --to-source 10.7.33.100
is NOT how you would do SNAT with DNAT, you normally would need:
A POSTROUTING -s 10.7.33.109/32 <http://10.7.33.109/32> -p tcp -m tcp -
-j SNAT --to-source 10.7.33.100
These two rules do not have the same purpose at all.
The OP's rule applies to incoming SMTP connections forwarded to the
server, in order to workaround the routing flaw (wrong gateway).
Your rule applies to outgoing connexions from the server, so 1) is
useless for incoming connections and 2) would be ignored in the original
setup because the server did not use the router as its default gateway.
PS. Igor, the plain text version of your posts does not properly mark
the quoted text from the message you reply to : it appears as if it was
your text, without any quotation marks.