Chad Vogelsong on 11 Apr 2007 21:08:04 -0000



Re: [PLUG] What is the best way to create a tunnel or a forward?iptables?


When they send e-mail, their client contacts your server at your location on port 25?  No ISP should be blocking that because anybody using an external mail service would need port 25.  I send mail out to 3 different servers on port 25, depending on which account I'm using.

Are you sure it's not a local firewall or host firewall that is blocking the traffic?  Can you log in to these things remotely?

If you have a router / fw in front of your mail server that can do port forwarding (my $30 netgear router does it), I would just use that and set it up to forward all incoming packets on 2525 to server_ip:25

I need more information about how your mail server is set up.  Is it at your home, a hosting center, another business?

INTERNET <--> ROUTER / FW <--> MAIL_SERVER with internal or external IP?

Chad


Marc Zucchelli wrote:
I tried the iptables command that Chad provided me with on my test server:

iptables -A FORWARD -i eth0 -p tcp --sport 2525 --dport 25 -d mailserver_IP -j ACCEPT

I set the ip address correctly, tried several variations, and I'm not getting a port forward.  I get refused connections when I try to connect to 2525.  I have seen several sites on the internet do it with NAT, but I'm not trying to send these packets to a different server, same one.  Do I have to use NAT?  Any other suggestions?  My iptables skills are weak!

  
Chad Vogelsong <chad@vogelsong.net> wrote:
Marc,

Can't you just SSH or VPN into the server that you are hosting their e-mail on?

If they have a business level internet package, port 25 should not be blocked.  Talk to their ISP about that.  If they have a consumer level package, tough luck.

It would be trivial to create an iptables forward rule to forward mailserver:2525 to mailserver:25.  Make the rule on the router/firewall something like this:

iptables -A FORWARD -i eth0 -p tcp --sport 2525 --dport 25 -d mailserver_IP -j ACCEPT

    
Assuming that eth0 is the router/fw external interface.  YMMV.

Chad


  I'm hosting a client's email on my server.  Something went wrong with their router and it's blocking port 25.  I won't have the time to make the long trip up to fix it for them for a while, so I was thinking about maybe opening up a higher port on the same server, and just tunneling that to port 25, and it will be easy enough for me to walk them through changing their outgoing port in their email software.  What is the best way to pull this off?  This is just a temporary solution so I don't lose them!



___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug



-- 
Chad Vogelsong
csv@gamebox.net

Tel: +1 267 498 2380
Fax: +1 267 646 0202

Skype: 	cvogelsong
Gizmo:	psudilbert
SIP #: 	+1 747 101 2570
AIM:	CMPENGpsu
Yahoo:	psudilbert
MSN:	wicket_weasel@hotmail.com
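
Added example, not part of the original thread: a filter-table ACCEPT never rewrites a destination port, and --sport matches the client's source port, so the 2525 -> 25 mapping asked about above has to be done in the nat table. The script prints the rules for the same-host case from the question and for the router case from the reply. It assumes eth0 is the external interface, and 192.0.2.10 is a constructed address.

```shell
#!/bin/sh
# Added example: print iptables rules that expose an SMTP listener on an
# alternate port. Nothing is applied; pipe the output to `sh` as root to load.
# eth0 and 2525 -> 25 come from the thread; 192.0.2.10 is a constructed address.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
safe() { case $1 in *[!A-Za-z0-9./:_-]*) return 1 ;; esac; }  # no shell metacharacters

# Same-host case: the mail server itself should also answer on ALT_PORT.
# The rewrite lives in the nat table's PREROUTING chain. FORWARD is never
# traversed, because the packet is addressed to this host.
# An optional SRC_CIDR limits the redirect to the client's address.
redirect_rules() {   # usage: redirect_rules ALT_PORT REAL_PORT [IFACE] [SRC_CIDR]
    alt=$1; real=$2; iface=${3:-eth0}; src=${4:+"-s $4 "}
    valid_port "$alt" && valid_port "$real" || return 1
    safe "$iface" && safe "$4" || return 1
    echo "iptables -t nat -A PREROUTING -i $iface ${src}-p tcp --dport $alt -j REDIRECT --to-ports $real"
    # INPUT sees the packet after the rewrite, so the filter rule names REAL_PORT.
    echo "iptables -A INPUT -i $iface ${src}-p tcp --dport $real -j ACCEPT"
}

# Router case: a separate firewall in front of the mail server rewrites the
# destination (DNAT) and then has to let the rewritten packet through FORWARD.
dnat_rules() {   # usage: dnat_rules ALT_PORT SERVER_IP REAL_PORT [IFACE]
    alt=$1; ip=$2; real=$3; iface=${4:-eth0}
    valid_port "$alt" && valid_port "$real" || return 1
    [ -n "$ip" ] && safe "$ip" && safe "$iface" || return 1
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $alt -j DNAT --to-destination $ip:$real"
    # FORWARD matches the post-DNAT destination and port; the client's source
    # port is ephemeral, so --sport is deliberately left unmatched.
    echo "iptables -A FORWARD -i $iface -p tcp -d $ip --dport $real -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

redirect_rules 2525 25 eth0
dnat_rules 2525 192.0.2.10 25 eth0
```

Rules appended with -A do not survive a reboot, and each one can be removed by repeating it with -D once the temporary port is no longer needed.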