[afnog] SMTP Traffic Redirect

Brian Candler B.Candler at pobox.com
Thu Jun 17 15:18:27 UTC 2010


On Thu, Jun 17, 2010 at 04:47:23PM +0200, Chris Wilson wrote:
> > I went with option 3, setting up a gre tunnel between the smtp server 
> > and the router, and using route-map, changed the next hop ip address. 
> > All smtp traffic is being redirected however it is being dropped at the 
> > smtp server point. I imagine it's due to the fact that the destination 
> > IP address is different from the server's. I used iptables (iptables -t 
> > nat -A PREROUTING -i gretunnel0 -p tcp --dport 25 -j DNAT --to 
> > 127.0.0.1:25) but still it is being dropped.
> 
> I don't think you can DNAT to the localhost IP. Please use either another 
> IP on the same mail server, or use REDIRECT instead of DNAT.
> 
> If that doesn't help, please examine the traffic coming in on the GRE 
> tunnel with tcpdump to see if you can identify what's happening to it, and 
> check with "iptables -t nat -L -nv" that your rule is actually being hit.

I'd look for one of the tutorials on transparently redirecting web traffic
to a squid, and follow that.

In addition, you may need to policy-route the return traffic back via the
tunnel. This is probably most easily achieved by redirecting the traffic to
the GRE tunnel's local IP (say 192.168.1.1, anything different to the SMTP
server's local address), and then forcing traffic with a source address of
192.168.1.1 back down the GRE tunnel.

B.
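The setup the thread converges on (REDIRECT rather than DNAT to 127.0.0.1, then policy-routing the return path down the tunnel by source address), written out as an added shell example; it is not from the thread or its authors, and the tunnel interface name gretunnel0, the tunnel-local address 192.168.1.1 and routing table 100 are assumptions:

```shell
#!/bin/sh
# Added example, not from the afnog thread. Assumed names: GRE interface
# gretunnel0, tunnel-local address 192.168.1.1, policy table 100, MTA on port 25.
GRE_IF="${GRE_IF:-gretunnel0}"
GRE_LOCAL_IP="${GRE_LOCAL_IP:-192.168.1.1}"
RT_TABLE="${RT_TABLE:-100}"
SMTP_PORT="${SMTP_PORT:-25}"

# Emit the rule set one command per line without running anything, so it
# can be reviewed before it is applied to a live host.
smtp_redirect_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $GRE_IF -p tcp --dport $SMTP_PORT -j REDIRECT --to-ports $SMTP_PORT
ip rule add from $GRE_LOCAL_IP lookup $RT_TABLE
ip route add default dev $GRE_IF table $RT_TABLE
sysctl -w net.ipv4.conf.$GRE_IF.rp_filter=0
EOF
}
# Line 1: REDIRECT hands the connection to the MTA on the tunnel's own address
#         (the primary address of the incoming interface), which avoids the
#         127.0.0.1 DNAT problem.
# Lines 2-3: replies leave the MTA with source 192.168.1.1, so a source-based
#         rule sends them back into the tunnel instead of the default route.
# Line 4: strict reverse-path filtering would otherwise discard packets whose
#         source is not reachable via the tunnel in the main table.

# Apply the rules; with DRY_RUN=1 they are only printed.
apply_smtp_redirect() {
    smtp_redirect_rules | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            printf '%s\n' "$cmd"
        else
            eval "$cmd"
        fi
    done
}

# The checks suggested in the thread: confirm the nat rule's counters move
# and look at what actually arrives over the tunnel.
smtp_redirect_checks() {
    cat <<EOF
iptables -t nat -L PREROUTING -nv
tcpdump -ni $GRE_IF tcp port $SMTP_PORT
EOF
}

# Number of commands in the generated rule set.
smtp_redirect_rule_count() {
    smtp_redirect_rules | wc -l | tr -d ' '
}
```

Run with DRY_RUN=1 first to see the exact commands, then without it as root; `smtp_redirect_checks` prints the two verification commands to run afterwards.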