On Sat, 13 Apr 2002, Chris Weiss wrote:

> I am new to iptables so please be kind....
>
> My host is RH 7.2 with the latest updates as of last night. My iptables
> version is 1.2.4 on kernel 2.4.9.
>
> I am starting with a minimal rule set and moving out. Right now, my base
> rule is just for masquerading on nat:
>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> This works fine for every service I have tested -> web, icq, sending and
> receiving mail to other hosts, etc.
>
> I have set up a port forward from my firewall box which works as far as
> receiving mail on an internal server is concerned:
>
> iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to 192.168.1.3
>
> I can receive mail all day long. However, when I try to send mail, the
> attempt dies saying the connection has timed out in the mail queue messages.
> I am unable to telnet out on port 25 to a known good host, so I know I am
> missing something. When I try to telnet from the firewall, it works fine,
> but none of my internal hosts appear able to telnet out on port 25 to a mail
> host, which is why I am assuming mail is not working for outgoing messages.
>
> Any ideas?
>

Sure -- your DNAT rule is trying to redirect your OUTBOUND mail back to
192.168.1.3. Probably want to add "-i eth0" to that rule.

-Tom
--
Tom Eastep       \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924   \ [EMAIL PROTECTED]
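
Added example, not part of the original thread: a small audit that scans a rule dump for PREROUTING DNAT/REDIRECT rules with no inbound-interface match, which is the condition described in the reply above. The dump is constructed sample data in iptables-save format, and the function names `sample_rules` and `unscoped_dnat` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the poster's machine).
# The first PREROUTING rule is the one from the post; the second is the same
# rule with the "-i eth0" suggested in the reply.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.3
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.3
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Read iptables-save output on stdin and print every PREROUTING rule that
# jumps to DNAT or REDIRECT without an -i / --in-interface match.
# PREROUTING sees packets arriving on every interface, so such a rule also
# rewrites connections that LAN hosts open to outside servers on that port.
# Only the interface match is checked; other scoping (for example -d) is not.
unscoped_dnat() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            has_in = 0; is_nat = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" || $i == "--in-interface") has_in = 1
                if ($i == "-j" && ($(i+1) == "DNAT" || $(i+1) == "REDIRECT")) is_nat = 1
            }
            if (is_nat && !has_in) print
        }'
}

# Run against the constructed sample; on a live firewall the input would be
# the output of "iptables-save -t nat" instead.
sample_rules | unscoped_dnat
```

Only the rule from the original post is reported; the variant scoped with `-i eth0` passes.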
