need help in configuring iptables for smtp traffic

ankush grover ankushfedora at gmail.com
Thu Jan 17 13:30:30 UTC 2008


Hi Friends,


I am running Fedora Core 5 64-bit on a Dell server. I am trying to configure
iptables for SMTP traffic, for which I need some help/guidance.

The scenario is like this:

On a Linux box we have 3 public IPs (eth1, eth2 and eth3) and 1 LAN IP (eth0).
2 public IPs are from the same service provider and 1 is from a different
service provider. eth3 and eth2 are from the same public provider, but
currently we are using only the eth2 public IP. There is a script which
load-balances the Internet connection across both service providers through
ip rule:


ip rule add from $publicip1 table 1
ip rule add from $publicip2 table 2

ip route add default scope global nexthop via $publicip1 dev eth1 weight 2 \
    nexthop via $publicip2 dev eth2 weight 6

The problem we are facing is that we have 2 MX exchangers in our domain.
Both the exchangers receive/send the mails from the public IPs like this:

mx1 will receive/send mails through eth1  (another service provider)
mx2 will receive/send mails through eth2  (another service provider)


Accepting mails from the public IP:
iptables -A INPUT -p tcp -d $publicip1 --dport 25 -j ACCEPT



NAT rules:
iptables -A FORWARD -p tcp -d $smtpserver1 --dport 25 -j ACCEPT

iptables -t nat -A PREROUTING -d $publicip1 -p tcp --dport 25 -j DNAT \
    --to $smtpserver1:25


Sending mails from smtpserver1 to publicip1:

iptables -t nat -A POSTROUTING -s $smtpserver1 -d 0/0 -o eth1 -j SNAT \
    --to-source $publicip1

route add $smtpserver1 netmask 255.255.255.255 gw $publicip1
route add $publicip1 gw $gw1


Some more iptables rules which ban sending mails from different VLANs/LANs
directly to the public IPs (both 1 and 2):
$IPTABLES -A INPUT -p tcp -s $lan1 -d $publicip1 --dport $SMTP -j DROP

$IPTABLES -A INPUT -p tcp -s $lan2 -d $publicip1 --dport $SMTP -j DROP

$IPTABLES -A INPUT -p tcp -s $lan3 -d $publicip3 --dport $SMTP -j DROP


We have the same rules for publicip2.

But still we are not able to send emails from the $smtpserver running in the
local LAN to the outside. Our requirement is like this: smtpserver1, which is
running Postfix, should only send/receive emails through publicip1, and
smtpserver2, which is also running Postfix, should send/receive mails through
publicip2.

We are able to receive emails on both the public IPs on the respective SMTP
servers, but when we are sending emails to the outside world they sometimes
go out through both the public IPs from a single SMTP server.


Any suggestions/comments are most welcome.


Thanks & Regards

Ankush Grover
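As an added example (not part of the original post), the script below pins each internal SMTP server to exactly one uplink. The routing decision for a forwarded packet is made before POSTROUTING SNAT, so the source rule has to match the server's LAN address, not the public IP it will later be rewritten to. All addresses are constructed placeholders, and the script assumes an existing FORWARD rule that accepts ESTABLISHED,RELATED traffic.

```shell
#!/bin/sh
# Pin one internal SMTP server to one public IP / uplink.
# Policy routing runs BEFORE POSTROUTING SNAT, so the "from" rule must
# match the server's internal (LAN) address, not the public one.
# Addresses used below are constructed (RFC 5737 / RFC 1918 ranges).
set -eu

# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).
DRY_RUN=${DRY_RUN:-1}
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# pin_smtp_server <public_ip> <internal_ip> <iface> <gateway> <table>
pin_smtp_server() {
    pub=$1 lan=$2 dev=$3 gw=$4 tbl=$5

    # Per-uplink routing table holding only this provider's default route.
    run ip route replace default via "$gw" dev "$dev" table "$tbl"
    # Replies sourced from the public IP and new outbound connections from
    # the (still un-NATed) internal server both consult this table.
    run ip rule add from "$pub" lookup "$tbl"
    run ip rule add from "$lan" lookup "$tbl"
    run ip route flush cache

    # Inbound: DNAT port 25 on the public IP to the internal server.
    run iptables -t nat -A PREROUTING -i "$dev" -d "$pub" -p tcp --dport 25 \
        -j DNAT --to-destination "$lan:25"
    run iptables -A FORWARD -i "$dev" -d "$lan" -p tcp --dport 25 \
        -m conntrack --ctstate NEW -j ACCEPT
    # Outbound: this server leaves via this uplink as the matching public IP.
    run iptables -A FORWARD -s "$lan" -o "$dev" -p tcp --dport 25 \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$lan" -o "$dev" -p tcp --dport 25 \
        -j SNAT --to-source "$pub"
    # Anything that would still try another uplink is dropped, not leaked
    # out with the wrong source address.
    run iptables -A FORWARD -s "$lan" ! -o "$dev" -p tcp --dport 25 -j DROP
}

# Constructed example values: one call per server/provider pair.
pin_smtp_server 203.0.113.10 192.168.1.25 eth1 203.0.113.1 1
pin_smtp_server 198.51.100.10 192.168.1.26 eth2 198.51.100.1 2
```

Run it as-is to review the generated rule set, then `DRY_RUN=0 sh pin-smtp.sh` as root to apply it.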

