Marc Zucchelli on 12 Apr 2007 15:43:26 -0000



Re: [PLUG] What is the best way to create a tunnel or a forward?iptables?


My server is a dedicated server that I'm paying monthly for; I don't have access to the router in front of it. The client has Comcast, and Comcast says it is an issue with their Linksys router. I don't think I'd be able to log into their router remotely, in its default settings anyway. The client is completely computer illiterate, so my options are to go out there and fix it in person, or to open up another port. The client does have experience setting up his email accounts; I could instruct him on how to make Outlook connect to 2525.

Chad Vogelsong <csv@gamebox.net> wrote:
When they send e-mail, their client contacts your server at your location on port 25?  No ISP should be blocking that because anybody using an external mail service would need port 25.  I send mail out to 3 different servers on port 25, depending on which account I'm using.

Are you sure it's not a local firewall or host firewall that is blocking the traffic?  Can you log in to these things remotely?

If you have a router / fw in front of your mail server that can do port forwarding (my $30 Netgear router does it), I would just use that and set it up to forward all incoming packets on 2525 to server_ip:25.

I need more information about how your mail server is set up.  Is it at your home, a hosting center, another business?

INTERNET <--> ROUTER / FW <--> MAIL_SERVER with internal or external IP?

Chad


Marc Zucchelli wrote:
I tried the iptables command that Chad provided me with on my test server:

iptables -A FORWARD -i eth0 -p tcp --sport 2525 --dport 25 -d mailserver_IP -j ACCEPT

I set the ip address correctly, tried several variations, and I'm not getting a port forward. I get refused connections when I try to connect to 2525. I have seen several sites on the internet do it with NAT, but I'm not trying to send these packets to a different server, same one. Do I have to use NAT? Any other suggestions? My iptables skills are weak!

Chad Vogelsong <chad@vogelsong.net> wrote:
Marc,

Can't you just SSH or VPN into the server that you are hosting their e-mail on?

If they have a business-level internet package, port 25 should not be blocked.  Talk to their ISP about that.  If they have a consumer-level package, tough luck.

It would be trivial to create an iptables forward rule to forward mailserver:2525 to mailserver:25.  Make the rule on the router/firewall something like this:

iptables -A FORWARD -i eth0 -p tcp --sport 2525 --dport 25 -d mailserver_IP -j ACCEPT

Assuming that eth0 is the router/fw external interface.  YMMV.

Chad


I'm hosting a client's email on my server.  Something went wrong with their router and it's blocking port 25.  I won't have the time to make the long trip up to fix it for them for a while, so I was thinking about maybe opening up a higher port on the same server, and just tunneling that to port 25, and it will be easy enough for me to walk them through changing their outgoing port in their email software.  What is the best way to pull this off?  This is just a temporary solution so I don't lose them!



___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug



-- 
Chad Vogelsong
csv@gamebox.net Tel: +1 267 498 2380 Fax: +1 267 646 0202 Skype: cvogelsong Gizmo: psudilbert SIP #: +1 747 101 2570 AIM: CMPENGpsu Yahoo: psudilbert MSN: wicket_weasel@hotmail.com
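
For the same-server case asked about in this thread (clients connect to 2525, the mail daemon listens on 25), one way to do it is a nat-table REDIRECT rather than a FORWARD rule. This is an added example, not a command posted by anyone in the thread; eth0, the APPLY switch and the optional CLIENT_NET source restriction are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): same-host redirect of TCP 2525 -> 25.
# Assumed values: eth0 is the server's public interface; 2525 and 25 are the
# ports discussed above; CLIENT_NET is a hypothetical optional variable.
IFACE=eth0
ALT_PORT=2525
SMTP_PORT=25

# The FORWARD rule quoted above cannot do this: FORWARD only sees packets
# routed through the box to another host, ACCEPT never rewrites a port, and
# --sport 2525 matches the client's source port, not the port it dials.
# Rewriting the destination port is a nat-table job, done in PREROUTING.
# $1 (optional): source address or CIDR allowed to use the alternate port.
redirect_rule() {
    src=
    if [ -n "${1:-}" ]; then src="-s $1 "; fi
    printf '%s\n' "-t nat -A PREROUTING -i $IFACE -p tcp ${src}--dport $ALT_PORT -j REDIRECT --to-ports $SMTP_PORT"
}

# REDIRECT happens before the filter table, so INPUT sees destination port 25.
# A server already accepting mail on 25 needs no extra INPUT rule for 2525.
input_rule() {
    printf '%s\n' "-A INPUT -i $IFACE -p tcp --dport $SMTP_PORT -j ACCEPT"
}

apply_rules() {
    # Unquoted on purpose: each rule string is split into iptables arguments.
    iptables $(redirect_rule "${1:-}")
    # -C checks for an existing rule; insert the ACCEPT only if it is missing.
    chk=$(input_rule | sed 's/^-A /-C /')
    ins=$(input_rule | sed 's/^-A /-I /')
    iptables $chk 2>/dev/null || iptables $ins
}

# Change the firewall only when asked (APPLY=1) and running as root;
# otherwise print the commands. Test from another host: connections made on
# the server itself traverse nat OUTPUT, not PREROUTING.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    apply_rules "${CLIENT_NET:-}"
else
    echo "iptables $(redirect_rule "${CLIENT_NET:-}")"
    echo "iptables $(input_rule)"
fi
```

Setting CLIENT_NET to the client's address range keeps the extra port from being reachable by everyone; remove the PREROUTING rule with the same arguments and -D once the client's router is fixed.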