 
 From:  "Jeroen Visser" <monowall at forty dash two dot nl>
 To:  "Lee Sharp" <leesharp at hal dash pc dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] NAT question: redirect all outgoing SMTP to or own SMTP-server
 Date:  Sat, 21 Jan 2006 21:53:33 +0100
Lee, good point there!

Sorry, I forgot to mention,
My mailserver is not behind the interface of the m0n0wall in my rule and thus is
not infected by this rule. 

The rules I've posted are not the specific rule I use; they were posted by others.

I never tried it with networks/hosts behind the same m0n0wall interface.
Since I've got the luxury of using something like a mini test lab, I can try and
keep you posted on this. May take a while, I've still got to clean a lot of
virus-infected PCs on my network. (1500+ hosts to check in the mail-logs) ;-(

This is the rule I use.

<nat>
<advancedoutbound>
</advancedoutbound>
<rule>
	<protocol>tcp</protocol>
	<external-port>25</external-port>
	<target>[mailserver not on lan ip here]</target>
	<local-port>25</local-port>
	<interface>lan</interface>
	<descr>redirect SMTP to other SMTP server</descr>
</rule>		
</nat>

PS, Sorry about the double post before, mailclient got screwed up.

--
Jeroen

On Sat, 21 Jan 2006 12:27:20 -0600, Lee Sharp wrote
> From: "Jeroen Visser" <monowall at forty dash two dot nl>
> 
> > I've lost the original message, this is a copy and paste from the archive.
> > For a refreshing of the mind I included the complete original message
> > below.
> 
> > Since we've experienced a major outbreak of viruses at the company I work
> > for and ppl are allowed to send smtp to other hosts (company rule, it's
> > stupid I know) I was forced to try this, because we would get cut off by
> > our provider if I had no quick fix.
> 
> > I can say it works!
> > Maybe this is also possible for the transparent proxy thingy ppl ask for
> > so often!
> 
> > <nat>
> > <rule>
> >  <protocol>tcp</protocol>
> >  <external-port>25</external-port>
> >  <target>192.168.1.5</target>
> >  <local-port>25</local-port>
> >  <interface>wan</interface>
> >  <descr>redirect SMTP to WAN SMTP server</descr>
> > </rule>
> > </nat>
> 
> A quick question.  From the look of this, the SMTP server at 192.168.1.5 
> would be recursively routed to itself.  How would it get out?  Is there 
> additional NAT for it?  Or does it get out auto-magically?
> 
>                         Lee


--
Kind regards,
Jeroen Visser.
--
Sure, we know Unix, we've seen it in Jurassic Park...
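
The loop Lee asks about can be checked for before a rule is loaded. The following Python check is an added example, not part of the original messages or of m0n0wall: it parses a <nat> section in the format shown above and flags port-25 redirect rules whose target sits behind the same interface the rule is bound to. The function name, the sample addresses and the interface-to-network map are constructed assumptions, as is the premise that a rule matches traffic entering on its <interface>.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the format shown in the thread (addresses are made up).
SAMPLE_NAT = """
<nat>
<rule>
  <protocol>tcp</protocol>
  <external-port>25</external-port>
  <target>10.0.5.25</target>
  <local-port>25</local-port>
  <interface>lan</interface>
  <descr>redirect SMTP to other SMTP server</descr>
</rule>
<rule>
  <protocol>tcp</protocol>
  <external-port>25</external-port>
  <target>192.168.1.5</target>
  <local-port>25</local-port>
  <interface>lan</interface>
  <descr>redirect SMTP to server on same LAN</descr>
</rule>
</nat>
"""

# Constructed interface-to-network map (assumption; not taken from the thread).
SAMPLE_NETS = {"lan": "192.168.1.0/24", "opt1": "10.0.5.0/24"}


def smtp_redirect_loops(nat_xml, iface_nets):
    """Return (descr, reason) for port-25 redirects that could catch their own target."""
    flagged = []
    for rule in ET.fromstring(nat_xml.strip()).iter("rule"):
        if rule.findtext("external-port", "").strip() != "25":
            continue
        descr = rule.findtext("descr", "").strip()
        iface = rule.findtext("interface", "").strip()
        target = rule.findtext("target", "").strip()
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            # Placeholder or alias instead of an IP: cannot be verified, so report it.
            flagged.append((descr, "target is not an IP address"))
            continue
        net = iface_nets.get(iface)
        # Target inside the rule's own interface network: its outbound SMTP would match too.
        if net and addr in ipaddress.ip_network(net):
            flagged.append((descr, f"{target} is behind {iface}"))
    return flagged
```

Calling smtp_redirect_loops(SAMPLE_NAT, SAMPLE_NETS) reports only the second rule, the one whose mail server lives on the LAN the rule is bound to.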