NetFilter

Re: Newbie request

To: netfilter@lists.netfilter.org
Subject: Re: Newbie request
From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Date: Tue, 12 Dec 2006 11:47:45 +0100
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <1153.193.173.119.247.1165912318.squirrel@webmail.sterenborg.info>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Organization: Plouf !
References: <457E5B99.7050005@gmail.com> <1153.193.173.119.247.1165912318.squirrel@webmail.sterenborg.info>
Sender: netfilter-bounces@lists.netfilter.org
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
Hello,

Rob Sterenborg wrote:
> On Tue, December 12, 2006 08:34, Nandan Bhat wrote:
>
>> I need some machines on the 192.168.1.0/24 network to be able to get/send
>> mail using 192.168.0.10. Mail is limited to these networks and does not go to
>> the outside world.
>>
>> My question is: Do I need a SNAT rule or should I try something with
>> nat+FORWARD?
>
> No. You can just route from 192.168.0.0/24 to 192.168.1.0/24 and back without
> using NAT.

But then you need host 192.168.0.10 to have a route back to 192.168.1.0/24, either directly via eth1's IP address (so it had better be fixed), or indirectly via the default gateway, which must have a route to 192.168.1.0/24 via eth1's IP address. Otherwise you must do SNAT or MASQUERADE for 192.168.1.0/24 on eth1:

iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE

> $ipt -A FORWARD -m state --state NEW -s 192.168.0.0/24 \
>   -d 192.168.1.0/24 -m mport -p tcp --dports 25,110 -j ACCEPT
> $ipt -A FORWARD -m state --state NEW -s 192.168.1.0/24 \
>   -d 192.168.0.0/24 -m mport -p tcp --dports 25,110 -j ACCEPT
>
> The last 2 rules can also be split into 4 rules if you don't have the mport
> module:

Or just use the more standard 'multiport' match instead.
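The two alternatives Pascal describes (plain routing with a route back on the mail server, or MASQUERADE on eth1 when no such route exists), written out as a complete rule set for the router. This is an added example, not code from the thread or from the netfilter project. It assumes the 192.168.1.0/24 side of the router is eth0 (the thread only names eth1), that "mail" means SMTP and POP3 on tcp 25 and 110 as in Rob's rules, and that iptables-restore, sysctl and iproute2 are available; the interface, network and port names are all overridable through the environment.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates (and optionally loads) an
# iptables-restore rule set for the router between the two LANs.
# Assumptions not stated on the page: client LAN 192.168.1.0/24 on eth0,
# server LAN 192.168.0.0/24 on eth1, mail = tcp 25,110. Override via environment.
set -eu

MAIL_SERVER=${MAIL_SERVER:-192.168.0.10}
CLIENT_NET=${CLIENT_NET:-192.168.1.0/24}
CLIENT_IF=${CLIENT_IF:-eth0}
SERVER_IF=${SERVER_IF:-eth1}
MAIL_PORTS=${MAIL_PORTS:-25,110}

# Filter table. Only NEW connections from the client LAN to the mail server on
# the mail ports are allowed; their replies pass through the ESTABLISHED,RELATED
# rule, so no reverse NEW rule for 192.168.0.0/24 is needed (mail clients open
# the connections; the server never has to open one towards a client).
filter_rules() {
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $CLIENT_IF -o $SERVER_IF -s $CLIENT_NET -d $MAIL_SERVER -p tcp -m multiport --dports $MAIL_PORTS -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# nat table for the chosen mode:
#   route  plain routing; nothing to add here, but 192.168.0.10 (or its default
#          gateway) must carry a route back, e.g. on the mail server:
#            ip route add $CLIENT_NET via <eth1 address of the router>
#   masq   no route back is possible, so hide the client LAN behind eth1's
#          address (Pascal's MASQUERADE rule, limited to the client LAN as source)
nat_rules() {
case "$1" in
route)
    ;;
masq)
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $SERVER_IF -s $CLIENT_NET -j MASQUERADE
COMMIT
EOF
    ;;
*)
    echo "unknown mode: $1 (use route or masq)" >&2
    return 1
    ;;
esac
}

# Full rule set for the given mode, in iptables-restore format.
ruleset() {
    filter_rules
    nat_rules "$1"
}

MODE=${MODE:-route}
if [ "${APPLY:-0}" = 1 ]; then
    # Load for real (needs root); the router must forward packets at all.
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    ruleset "$MODE" | iptables-restore
else
    # Dry run: print what would be loaded.
    ruleset "$MODE"
fi
```

Run it without arguments to see the route-mode rule set; `MODE=masq APPLY=1 sh router.sh` loads the MASQUERADE variant. Compared with the two symmetric rules quoted above, the filter table here accepts NEW connections in one direction only and towards the one mail host rather than the whole 192.168.0.0/24, with an explicit ESTABLISHED,RELATED rule carrying the replies; the FORWARD policy is DROP so anything not listed is refused. Prefer route mode where you can add the route on 192.168.0.10 or its gateway: with MASQUERADE the mail server only ever sees the router's eth1 address, so its logs and any per-client access controls lose the real client IP.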

