[afnog] SOLVED: SMTP Traffic Redirect

Christian Muhirwa chrismuhirwa at hotmail.com
Fri Jun 18 15:39:35 UTC 2010


Thanks
redirecting the traffic through the GRE tunnel solved the problem.

Christian

> Date: Thu, 17 Jun 2010 16:18:27 +0100
> From: B.Candler at pobox.com
> To: chris+afnog at aptivate.org
> CC: chrismuhirwa at hotmail.com; kuenzler at init7.net; afnog at afnog.org
> Subject: Re: [afnog] SMTP Traffic Redirect
> 
> On Thu, Jun 17, 2010 at 04:47:23PM +0200, Chris Wilson wrote:
> > > I went with option 3, setting up a gre tunnel between the smtp server 
> > > and the router, and using route-map, changed the next hop ip address. 
> > > All smtp traffic is being redirected however it is being dropped at the 
> > > smtp server point. I imagine it's due to the fact that the destination 
> > > IP address is different from the server's. I used iptables (iptables -t 
> > > nat -A PREROUTING -i gretunnel0 -p tcp --dport 25 -j DNAT --to 
> > > 127.0.0.1:25) but still it is being dropped.
> > 
> > I don't think you can DNAT to the localhost IP. Please use either another 
> > IP on the same mail server, or use REDIRECT instead of DNAT.
> > 
> > If that doesn't help, please examine the traffic coming in on the GRE 
> > tunnel with tcpdump to see if you can identify what's happening to it, and 
> > check with "iptables -t nat -L -nv" that your rule is actually being hit.
> 
> I'd look for one of the tutorials on transparently redirecting web traffic
> to a squid, and follow that.
> 
> In addition, you may need to policy-route the return traffic back via the
> tunnel. This is probably most easily achieved by redirecting the traffic to
> the GRE tunnel's local IP (say 192.168.1.1, anything different to the SMTP
> server's local address), and then forcing traffic with a source address of
> 192.168.1.1 back down the GRE tunnel.
> 
> B.
> 
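
The setup suggested in the quoted replies, as an added example that is not part of the thread or written by any of its participants: DNAT the tunnelled SMTP traffic to the tunnel's local address rather than loopback, then policy-route replies sourced from that address back down the tunnel. The interface name gretunnel0 and the address 192.168.1.1 are the thread's own example values; routing table number 100 and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands instead of
# running them, so the output can be reviewed before it is applied as root.

smtp_redirect_cmds() {
    tun_if=$1
    tun_ip=$2
    table=$3    # assumed: any unused routing table number

    # The thread's original rule used 127.0.0.1 as the DNAT target and the
    # traffic was dropped; require an address that differs from loopback.
    case $tun_ip in
        127.*|'')
            echo "refusing '$tun_ip': use the tunnel's local IP, not loopback" >&2
            return 1
            ;;
    esac

    cat <<EOF
iptables -t nat -A PREROUTING -i ${tun_if} -p tcp --dport 25 -j DNAT --to-destination ${tun_ip}:25
ip route add default dev ${tun_if} table ${table}
ip rule add from ${tun_ip} lookup ${table}
iptables -t nat -L PREROUTING -nv
EOF
}

# Line 1: rewrite the destination to the tunnel's local address.
# Lines 2-3: replies carry that address as source, so send them via the tunnel.
# Line 4: confirm the packet counters on the DNAT rule are increasing.
smtp_redirect_cmds gretunnel0 192.168.1.1 100
```

The mail server has to accept connections on the tunnel address (or on all addresses) for the rewritten traffic to reach it.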
 		 	   		  