IP redirect

Hi,

I've just managed a successful redirect of outgoing packets (from 10.0.0.0/24), destined to ANY smtp, to MY smtp server (192.168.0.2).

Most of the configurations suggested using route-map, which didn't work. The successful config was with NAT, and I'd like to ask:

1) if this is a nice way to do redirects
2) why it didn't work with route-map

So here are my configs

==================config 1
Interface ATM1/0.1
 ip address 10.0.0.1 255.255.255.0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 no ip mroute-cache

Interface ATM1/0.2
 ip address 192.168.0.1 255.255.255.0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 no ip mroute-cache

ip nat pool smtp-server 192.168.0.2 192.168.0.2 255.255.255.0 type rotary
ip nat inside destination list 111 pool smtp-server

Extended IP access list 111
    10 deny tcp host 192.168.0.2 any eq smtp
    20 permit tcp 10.0.0.0 0.0.0.255 any eq smtp
=======================end config 1

This configuration works as I wanted it to. Every outgoing packet from 10.0.0.0/24 to any smtp server gets redirected (like a transparent proxy) to my mail server. Is this ok?

My previous config was with route-map and I never managed to understand why it didn't work.

==================config 2
Interface ATM1/0.1
 ip address 10.0.0.1 255.255.255.0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map MAIL-REDIRECT
 no ip mroute-cache

Interface ATM1/0.2
 ip address 192.168.0.1 255.255.255.0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache

route-map MAIL-REDIRECT permit 10
 match ip address 111
 set ip next-hop 192.168.0.2

Extended IP access list 111
    10 deny tcp host 192.168.0.2 any eq smtp
    20 permit tcp 10.0.0.0 0.0.0.255 any eq smtp
=======================end config 2

The above config fails to change the destination address. Nevertheless packets are routed through the ATM1/0.2 interface.

I believe that route-map would be a cleaner and maybe a more resource-efficient way to do the redirect.

Any suggestions on those problems? thnx

Giannis

Reply to
bilias

A route-map does not change the destination address. The IP packet is sent to the MAC address of 192.168.0.2 but the IP destination address isn't changed. Due to the circumstance that the IP destination address is not the address of your smtp gateway, the packet gets discarded.

Reply to
Helmut Ulrich
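
The difference between the two configs, modelled in Python as an added example that is not part of the original thread: policy routing only picks the layer-2 next hop, while destination NAT rewrites the IP header. The client and remote server addresses are constructed samples, and `mailhost_accepts` is a simplified assumption about a host that does no forwarding or NAT of its own.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

ip = ipaddress.ip_address
SMTP = 25
MAILHOST = ip("192.168.0.2")          # mail server from the thread

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int

@dataclass(frozen=True)
class Delivery:
    packet: Packet                                  # IP header as forwarded
    l2_next_hop: Optional[ipaddress.IPv4Address]    # None = normal routing

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set in the wildcard are ignored."""
    care = ~int(ip(wildcard)) & 0xFFFFFFFF
    return int(addr) & care == int(ip(base)) & care

def acl_111(pkt):
    """Access list 111 from both configs, evaluated top down."""
    if pkt.dport != SMTP:              # both entries are 'eq smtp'
        return False
    if pkt.src == MAILHOST:            # 10 deny tcp host 192.168.0.2 any eq smtp
        return False
    return wildcard_match(pkt.src, "10.0.0.0", "0.0.0.255")   # 20 permit

def policy_route(pkt):
    """config 2: 'set ip next-hop' chooses the next hop, header untouched."""
    return Delivery(pkt, MAILHOST if acl_111(pkt) else None)

def dest_nat(pkt):
    """config 1: 'ip nat inside destination' rewrites dst to the pool address."""
    if acl_111(pkt):
        return Delivery(replace(pkt, dst=MAILHOST), MAILHOST)
    return Delivery(pkt, None)

def mailhost_accepts(d):
    """Assumed host behaviour: only packets addressed to its own IP go up the stack."""
    return d.l2_next_hop == MAILHOST and d.packet.dst == MAILHOST

# Constructed sample: a client in 10.0.0.0/24 mailing an outside server.
CLIENT_PKT = Packet(ip("10.0.0.25"), ip("203.0.113.10"), SMTP)

if __name__ == "__main__":
    for name, fn in (("route-map", policy_route), ("NAT", dest_nat)):
        d = fn(CLIENT_PKT)
        print(name, "dst =", d.packet.dst, "accepted =", mailhost_accepts(d))
```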

[..] You need to NAT. Here's how I did it a while ago...

alan

Reply to
Alan Strassberg

Are you talking about NAT on the mailhost or on the router? I'm doing NAT on the router (changing the destination address) and it works fine.

If I get it straight, the problem with the route-map is that the mailhost, although it gets the packets, discards them because the destination address is different.

So if I did NAT on the mailhost it would accept them?

thnx for replies.

Giannis

Reply to
bilias
