IPtables SNAT & DNAT

I am using Linux 9.0 & Squid as an Internet gateway with two network cards, eth0 (public IP) and eth1 (private IP), and Exchange 2000 as an e-mail server which is on a private IP. By using iptables my Exchange server can receive and send mail on the Internet. But my users cannot POP their mail from the Exchange server when they are on foreign tour. My configuration is:

echo "1" >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -d 202.xxx.xxx.xxx -j DNAT --to-destination 192.168.xx.xxx
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.xx.xxx -j SNAT --to-source 202.xxx.xxx.xxx
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT

Secondly, in my office one user/client needs FTP access on his machine. How can I allow him on port 21?
Asked by: nellahi

2266180 commented:
you need to configure the webserver to allow certain character sets. if you use apache, there is an AddCharset directive.

2266180 commented:
Sorry for the above comment. I'm still new to using ameba's tool. If there is a page editor online, would (s)he please delete these two comments. Thank you.

ravenpl commented:
> iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT
You don't need that, as nobody is allowed to connect to those ports on your host, right? Instead:
iptables -A FORWARD -i eth0 -p tcp -d 192.168.xx.xxx --dport 25 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp -d 192.168.xx.xxx --dport 110 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

> 2ndly in my office one user/client needs FTP access on his machine, how can i allow him on port 21 ?
You mean he wants to log in to an internal FTP server from abroad?

nellahi (author) commented:
> Secondly, in my office one user/client needs FTP access on his machine. How can I allow him on port 21?
> You mean he wants to log in to an internal FTP server from abroad?

No, he wants to access an FTP server on the Internet (any other FTP) from the office using the Linux server, because it is the only Internet gateway. I think now you have got my question.

Blaz commented:
Do you block any traffic?

If you do, you should add a rule for ftp connections:
iptables -A FORWARD -i eth0 -p tcp -d 192.168.xx.xxx --dport 21 -j ACCEPT

and make sure you have the FTP NAT module for iptables loaded:
insmod ip_nat_ftp

Of course there is also a difference between passive and active FTP connections... If you don't block any traffic then passive FTP should work.
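The rule set the thread converges on, written out as one script. This is an added example, not code from any of the posts above; it assumes placeholder addresses (203.0.113.10 for the public IP, 192.168.1.0/24 for the office LAN, 192.168.1.5 for the Exchange server, 192.168.1.20 for the workstation that needs FTP) and a 2.4-era kernel whose FTP helper modules are named ip_conntrack_ftp and ip_nat_ftp, as in Blaz's reply. Compared with the poster's configuration it narrows the DNAT to TCP 25 and 110 so that other traffic aimed at the public address is not silently redirected to the mail server, moves the mail rules from INPUT to FORWARD as ravenpl suggests, sets the FORWARD policy to DROP so only listed traffic crosses the gateway, and opens outbound FTP control for the one workstation; with the helper loaded, the data connection is tracked as RELATED and admitted by the state rule.

```shell
#!/bin/sh
# Added example, not from the original thread: a complete rule set for the
# gateway described above (eth0 public, eth1 private), combining ravenpl's
# FORWARD rules for the mail server with Blaz's FTP helper module.
# All addresses are placeholders (RFC 5737 / RFC 1918), not the poster's.
#
# Usage:  sh gateway.sh          # dry run: print the commands
#         sh gateway.sh apply    # as root: execute them

PUB_IF=eth0
PRIV_IF=eth1
PUB_IP=${PUB_IP:-203.0.113.10}          # stands in for 202.xxx.xxx.xxx
MAIL_IP=${MAIL_IP:-192.168.1.5}         # stands in for the Exchange server 192.168.xx.xxx
LAN=${LAN:-192.168.1.0/24}              # the office network behind eth1 (assumed)
FTP_CLIENT=${FTP_CLIENT:-192.168.1.20}  # the one workstation allowed to use FTP (assumed)

# gateway_rules prints one command per line; nothing is executed here.
gateway_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -F
iptables -t nat -F
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i $PUB_IF -d $PUB_IP -p tcp --dport 25 -j DNAT --to-destination $MAIL_IP
iptables -t nat -A PREROUTING -i $PUB_IF -d $PUB_IP -p tcp --dport 110 -j DNAT --to-destination $MAIL_IP
iptables -A FORWARD -i $PUB_IF -p tcp -d $MAIL_IP --dport 25 -j ACCEPT
iptables -A FORWARD -i $PUB_IF -p tcp -d $MAIL_IP --dport 110 -j ACCEPT
iptables -A FORWARD -i $PRIV_IF -s $MAIL_IP -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -i $PRIV_IF -s $MAIL_IP -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $PRIV_IF -s $FTP_CLIENT -p tcp --dport 21 -j ACCEPT
iptables -t nat -A POSTROUTING -o $PUB_IF -s $MAIL_IP -j SNAT --to-source $PUB_IP
iptables -t nat -A POSTROUTING -o $PUB_IF -s $LAN -j SNAT --to-source $PUB_IP
EOF
}

# Execute only when explicitly asked; otherwise just show the commands.
if [ "$1" = "apply" ]; then
    gateway_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
else
    gateway_rules
fi
```

The order matters: the ESTABLISHED,RELATED rule goes first so reply packets and FTP data connections are accepted without a rule per port, and the DROP policy on FORWARD means anything not listed (for example other LAN hosts trying FTP, or inbound connections to the Exchange server on ports other than 25 and 110) is discarded. On a 2.6 or later kernel the helper modules are nf_conntrack_ftp and nf_nat_ftp, and `-m conntrack --ctstate` replaces `-m state --state`; the rule structure is otherwise unchanged.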
