benjsh

asked on

Linux in bridge mode transparent smtp proxy?

Hi All,
If running snort inline in bridge mode:
DslRouter---Eth0-Snortinline-eth1 lan  (where eth0 and eth1 have no IP address)
and there is an eth2 with the IP address 192.168.1.10, does anyone know of a way to forward all eth0 mail to an SMTP proxy to scan for viruses and then forward it on?
And the same for the internal network: also forward it before it is sent out?
wesly_chen

Hi,

(internet)   ----  (snort)  ---- smtp proxy  (MX record)
                                    \__ email server

  I'm not sure what your smtp proxy can do. But for incoming mail via the smtp proxy, set your MX record to point to the smtp proxy and
have the smtp proxy forward to your email server.

   As for outgoing, if your smtp proxy can do bi-directional relay (inbound relay to another mail server and outbound sent out
directly), then set outgoing mail forwarding to the smtp proxy on your email server.

   If not, then you need another email scanner server to handle outgoing emails (set mail forwarding to it on your email server).

Wesly
benjsh

ASKER

Hi,
I have:
Router----Eth0(no ip)---Snortinline box-eth1(no ip)---LocalLan-Mailserver
                                                \____eth2----------locallan
eth2 has 192.168.1.10 and the mail server has 192.168.1.11
running in bridge mode:

# take the two bridge ports down and strip any address
ifconfig eth0 0.0.0.0 down
ifconfig eth1 0.0.0.0 down
# create the bridge (no spanning tree needed for a two-port inline box)
brctl addbr br0
brctl stp br0 off
brctl addif br0 eth0
brctl addif br0 eth1
# bring the bridge and its ports up without an IP address
ifconfig br0 0.0.0.0 up
ifconfig eth0 up
ifconfig eth1 up
# eth2 is the only interface with an address (management / local services)
ifconfig eth2 192.168.1.10 netmask 255.255.255.0 up
# hand bridged traffic to snort inline via ip_queue; bridged frames only reach
# the FORWARD chain when bridge-nf-call-iptables is enabled
modprobe ip_queue
iptables -A FORWARD -j QUEUE

Now, is it possible that when it sees SMTP traffic on eth0 it will "take" it, forward it to the eth2 interface on port 25, parse it, and forward it to the local LAN mail server?
And when the local mail server sends outgoing mail on eth1, it will again "take" it and send it out?
And then on eth2, with the IP, I simply run sendmail with clamav.
The problem is I have a router where they don't allow you to reconfigure it; otherwise it would be simpler.

Is there any software to do this transparent mail proxy?
ASKER CERTIFIED SOLUTION
wesly_chen

benjsh

ASKER

1>  is it possible that on eth0 when it sees smtp traffic it will "take" it and forward to eth2 interface on port 25
Yes, iptables can do that port forward for SMTP from eth0 to eth2.

2> when the local mail server sends outgoing mail on eth1 it will again "take" it and send it out?
Yes, iptables can do SMTP port forwarding from eth1 to eth2.

Do you know how to setup that so I can test?
Hi,

   For the bridge mode, I'm not sure how exactly to set the iptables. You may want to check the following URL for reference.
https://www.experts-exchange.com/questions/20888834/IPTables-redirect-internal-port-to-outside.html

Wesly
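The port forwarding wesly_chen refers to, worked through for this topology as an added example (not from the thread or the linked question): the ebtables broute table pulls TCP/25 frames off the two bridge ports and routes them into the local IP stack, and an iptables DNAT delivers them to the scanning proxy. It assumes the proxy (sendmail with clamav) listens on 192.168.1.10:25, that the box's default route leaves via eth2, and that ebtables with the broute table and the iptables nat table are available on the snort box.

```shell
#!/bin/sh
# Added example, not from the thread: intercept SMTP on the bridge described
# above and hand it to the scanning proxy on eth2. Assumptions: br0 bridges
# eth0 (router side) and eth1 (LAN side); the proxy listens on
# 192.168.1.10:25; ebtables with the broute table is installed.
PROXY_IP=192.168.1.10
PROXY_PORT=25
BRIDGE_PORTS="eth0 eth1"

# Emit the commands rather than running them, so the rule set can be reviewed
# (or tested) before apply_smtp_intercept runs it as root.
smtp_intercept_rules() {
    # Intercepted sessions terminate on this box, so replies leave via its
    # normal route (eth2). Strict reverse-path filtering would drop packets
    # arriving on an address-less bridge port, so use loose mode (2).
    echo "sysctl -w net.ipv4.conf.all.rp_filter=2"
    for port in $BRIDGE_PORTS; do
        echo "sysctl -w net.ipv4.conf.$port.rp_filter=2"
        # broute table: DROP means 'route this frame, do not bridge it'.
        # redirect rewrites the destination MAC to the port's own MAC so the
        # local IP stack accepts the frame instead of ignoring it.
        echo "ebtables -t broute -A BROUTING -i $port -p IPv4 --ip-proto tcp --ip-dport 25 -j redirect --redirect-target DROP"
        # The packet now enters the IP stack on $port carrying someone else's
        # destination address; DNAT it to the proxy so it is delivered locally.
        echo "iptables -t nat -A PREROUTING -i $port -p tcp --dport 25 -j DNAT --to-destination $PROXY_IP:$PROXY_PORT"
    done
    # Everything else stays bridged (and keeps hitting the QUEUE rule for
    # snort); only TCP/25 is pulled out of the bridge.
}

# Sanity check before applying: the proxy address must be configured on this
# box, otherwise the DNAT'd packets would just be forwarded out again.
proxy_is_local() {
    ip -4 addr show 2>/dev/null | grep -q "inet $1/"
}

apply_smtp_intercept() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    proxy_is_local "$PROXY_IP" || { echo "$PROXY_IP is not a local address" >&2; return 1; }
    smtp_intercept_rules | sh -e
}
```

Because the intercepted sessions are delivered locally (INPUT chain), they no longer pass the FORWARD QUEUE rule, so snort inline does not inspect them; the proxy's own deliveries leave via eth2 straight to the router or mail server, so they are never re-intercepted.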