[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

need help in configuring iptables for smtp traffic



Hi Friends,


I am running fedora core 5 64-bit on a Dell sever. I am trying to configure iptables for smtp traffic for which I need some help/guidance.

The scenario is like this:

 On a linux box we have 3 public ips(eth1,eth2 and eth3) and 1 LAN IP(eth0). 2 public IPs are from the same service provider and 1 is from different service provider. eth3 and eth2 are from the same public provider but currently we are using only eth2 public ip There is a script which load balances the Internet Connection to both the Service providers through ip rule


ip rule add from $publicip1 table 1
ip rule add from $publicip2 table 2

ip route add default scope global nexthop via $publicip1 dev eth1 weight 2 nexthop via $publicip2 dev eth2 weight 6

The problem we are facing is that we have 2 mx exchangers in our domain. Both the exchangers receives/sends the mails from the public ip like

mx1 will receive/sends mails through eth1  (another service provider)
mx2 will receive/sends mails through eth2  (another service provider)
 

Accepting mails from public ip
iptables -A INPUT -p tcp -d $publicip1 --dport 25 -j ACCEPT \



Natting rules
iptables -A FORWARD -p tcp -d $smtpserver1 --dport 25   -j ACCEPT \

iptables -t nat -A PREROUTING  -d $publicip1 -p tcp --dport 25 -j DNAT --to $smtpserver1:25 \


Sending mails from smtpserver1 to publicip1

iptables -t nat -A POSTROUTING -s $smtpserver1 -d 0/0 -o eth1 -j SNAT --to-source $publicip1

route add $smtpserver1 netmask 255.255.255.255 gw $publicip1 
route add  $publicip1 gw $gw1


Some more iptables rules which ban sending mails from different vlans/lans directly to public ips (both 1 and 2)
$IPTABLES -A INPUT -p tcp -s $lan1 -d $publicip1 --dport $SMTP -j DROP \


$IPTABLES -A INPUT -p tcp -s $lan2 -d $publicip1 --dport $SMTP -j DROP \


$IPTABLES -A INPUT -p tcp -s $lan3 -d $publicip3 --dport $SMTP -j DROP \


Same rules we have for publicip2.

But still we are not able to send emails from the $smtpserver running in the local lan to outside. Our requirement is like this smtpserver1 which is running postfix should only send/receive emails through publicip1 and smtpserver2 which is also running postfix should sends/receive mails through publicip2.

We are able to receive emails both the public ips on the respective smtp servers but when we are sending emails to outside world it is sometimes going through both the public ips from a single smtp server.


Any suggestions/comments are most welcome


Thanks & Regards

Ankush Grover

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]