IPTABLES - EMAIL FORWARDING


kj6eo
07-19-2005, 01:57 PM
Hello - Thanks for reading my post :D

I'm running RHv9.0 with a 2.4 kernel. I have a question regarding email forwarding to an internal machine that's behind my firewall. I'm using IPTABLES as my firewall. Anything that comes in on port 25 goes through a set of ACCEPT rules, i.e.:

$IPTABLES -A INPUT -s <source ip> -d 0/0 -p tcp --dport 25 -j ACCEPT

Those not listed in the accept rules get dumped, i.e.:

$IPTABLES -A INPUT -s 0/0 -d 0/0 -p tcp --dport 25 -j DROP

Instead of dumping those not listed in my accept rules I now want to forward those emails to another server that's running behind my firewall. In an attempt to accomplish this I inserted this rule just before the DROP rule, i.e.:

$IPTABLES -t nat -A PREROUTING -d $INET_IP -p tcp --dport 25 -i $INET_IFACE \
-j DNAT --to-destination 192.168.1.2:25

$INET_IP = my public IP number
$INET_IFACE = eth0

This looks simple enough but it doesn't work. Maybe I need an ACCEPT rule on the second server? Since the second server is behind my firewall and since I am calling out its IP number (port specific) I don't think I need an ACCEPT rule. The second server is a Linux box running RHv7.2

Any help or suggestions you could provide would be greatly appreciated :D

Regards,

Bill KJ6EO

phlipant
07-19-2005, 10:38 PM
You should probably skip iptables and masquerade with the sendmail DH instruction. Red Hat has an old article here:

http://redhat.activeventure.com/72/referenceguide/s1-email-sendmail.html

jumpedintothefire
07-22-2005, 03:05 PM
The problem is the prerouting chain is seen before the filter table, and your prerouting rule has no exception to it.
Try:
$IPTABLES -t nat -A PREROUTING -s ! <source ip> -d $INET_IP -p tcp --dport 25 -i $INET_IFACE \
-j DNAT --to-destination 192.168.1.2:25
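Putting the thread's pieces together (the OP's ACCEPT/DROP pair, the DNAT rule, and jumpedintothefire's exception) as an added example that is not code from the thread: the script below generates the whole rule set, generalizing the single `-s !` exception to a list of trusted senders and adding the FORWARD rules the DNATed traffic needs. The interface name, the public IP, the trusted-sender addresses and the DRY_RUN switch are assumptions; the relay address 192.168.1.2 is the thread's.

```shell
#!/bin/sh
# Added example (not from the thread): generate the full rule set for
# "trusted senders reach the local MTA, everyone else is DNATed to the
# internal relay". Public IP and sender addresses are RFC 5737 placeholders.
INET_IFACE="${INET_IFACE:-eth0}"
INET_IP="${INET_IP:-203.0.113.10}"
RELAY="${RELAY:-192.168.1.2}"
TRUSTED_SENDERS="${TRUSTED_SENDERS:-198.51.100.5 198.51.100.6}"

# With DRY_RUN=1 the rules are printed for review instead of being loaded.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf 'iptables %s\n' "$*"
    else iptables "$@"; fi
}

smtp_rules() {
    # nat/PREROUTING runs before the filter table, so trusted senders must
    # leave the chain (RETURN) before the catch-all DNAT. One RETURN per
    # sender scales past the single address that "-s !" can express.
    for src in $TRUSTED_SENDERS; do
        ipt -t nat -A PREROUTING -i "$INET_IFACE" -p tcp -s "$src" \
            -d "$INET_IP" --dport 25 -j RETURN
    done
    ipt -t nat -A PREROUTING -i "$INET_IFACE" -p tcp -d "$INET_IP" \
        --dport 25 -j DNAT --to-destination "$RELAY:25"

    # filter/INPUT: the original ACCEPT/DROP pair for the local MTA.
    for src in $TRUSTED_SENDERS; do
        ipt -A INPUT -i "$INET_IFACE" -p tcp -s "$src" --dport 25 -j ACCEPT
    done
    ipt -A INPUT -i "$INET_IFACE" -p tcp --dport 25 -j DROP

    # filter/FORWARD: DNATed packets never hit INPUT; they are forwarded,
    # so the relay needs explicit, state-restricted FORWARD rules.
    ipt -A FORWARD -i "$INET_IFACE" -p tcp -d "$RELAY" --dport 25 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    ipt -A FORWARD -o "$INET_IFACE" -p tcp -s "$RELAY" --sport 25 \
        -m state --state ESTABLISHED -j ACCEPT
}

# Number of rules the set would contain (a sanity check before loading).
smtp_rule_count() {
    (DRY_RUN=1; smtp_rules) | wc -l | tr -d ' '
}

if [ "${DRY_RUN:-0}" = "1" ]; then smtp_rules; fi
```

Run with `DRY_RUN=1 sh script.sh` to review the generated rules; without DRY_RUN it loads them with iptables, which needs root.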