Hi, I'm mounting my new firewall with iptables using DNAT, to pass the services depending on the type of protocol. My net looks like:

1 NIC with virtual IPs:
  1.1.1.1 eth0
  1.1.1.2 eth0:1
  1.1.1.3 eth0:2

1 NIC with a private IP, and all my servers on this class:
  192.168.1.254 eth1

My real server: 192.168.1.100

Our iptables DNAT rules are:

  *nat
  :PREROUTING ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  # SMTP arriving on the public address is rewritten to the internal mail server
  -A PREROUTING -s 0/0 -d 1.1.1.1 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to 192.168.1.100:25
  # POP3 arriving on the public address is rewritten to the same server
  -A PREROUTING -s 0/0 -d 1.1.1.1 -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to 192.168.1.100:110

The DNAT works very well, but the smtp and pop3 daemons don't respond immediately. I have my DNS resolving all zones, and inverse resolution too.

We have RedHat 7.2, ext2, kernel 2.4.9-31, iptables-1.2.4-2.

In this scheme other protocols (httpd, sshd) respond immediately... Any suggestion?
--
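The script below is an added example, not the poster's rule set, showing the complete nat and filter configuration a DNAT port forward of this shape needs on a 2.4 kernel: the PREROUTING DNAT rules, the FORWARD rules that let the rewritten packets through (DNAT alone only changes the destination; the filter table still has to accept the connection), a POSTROUTING SNAT so traffic the LAN hosts originate leaves with the public address, and ip_forward switched on. It assumes the addresses and interfaces from the post (1.1.1.1 on eth0, 192.168.1.254 on eth1, mail server 192.168.1.100 with the firewall as its default gateway) and a LAN network of 192.168.1.0/24, which the post does not state. One caveat worth checking with a DNAT setup: the mail server sees the remote client's real source address, so anything the daemon does with it (a reverse lookup, or an ident query back to the client on TCP 113) is an outbound connection from 192.168.1.100 that must itself be forwarded and source-NATed by the firewall; if that path is blocked, the daemon waits for a timeout before greeting the client.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) a full iptables-restore
# rule set for a DNAT port forward of SMTP and POP3 to an internal server.
# All addresses below are taken from the post except LAN_NET, which is assumed.
PUBLIC_IP=1.1.1.1
PUBLIC_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24      # assumption: the private class behind eth1
MAIL_SERVER=192.168.1.100
PORTS="25 110"              # smtp, pop3

# nat table: rewrite the destination of inbound mail connections, and
# rewrite the source of anything the LAN originates toward the Internet
# (replies to DNATed connections are undone automatically by conntrack).
nat_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for port in $PORTS; do
        echo "-A PREROUTING -d $PUBLIC_IP -i $PUBLIC_IF -p tcp --dport $port -j DNAT --to-destination $MAIL_SERVER:$port"
    done
    echo "-A POSTROUTING -o $PUBLIC_IF -s $LAN_NET -j SNAT --to-source $PUBLIC_IP"
    echo 'COMMIT'
}

# filter table: a DNATed packet is still routed through FORWARD, so the
# forwarded ports must be accepted there; everything else is dropped.
filter_rules() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # packets belonging to connections conntrack already knows (both directions)
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # new inbound mail connections, matched on the already-rewritten destination
    for port in $PORTS; do
        echo "-A FORWARD -i $PUBLIC_IF -o $LAN_IF -d $MAIL_SERVER -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # connections the LAN hosts originate (DNS, ident, outbound mail, ...)
    echo "-A FORWARD -i $LAN_IF -o $PUBLIC_IF -s $LAN_NET -m state --state NEW -j ACCEPT"
    echo 'COMMIT'
}

# Whole iptables-restore input: nat section followed by filter section.
rules() {
    nat_rules
    filter_rules
}

# Load the rule set atomically and enable routing between the interfaces.
# Must run as root; iptables-restore replaces the nat and filter tables.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    rules | iptables-restore
}

# Default action is to print the rules for review; "apply" loads them.
if [ "${1:-print}" = "apply" ]; then
    apply_rules
else
    rules
fi
```

Run it without arguments to review the generated file, then `sh firewall.sh apply` as root to load it. After loading, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show packet counters per rule, which is the quickest way to see whether a slow connection is being DNATed but then dropped in FORWARD, or whether the server's own outbound lookups are the ones stalling.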
