iptables issue

Right now there is a firewall in place for a mail server as follows:

## mail.foo.com ##
MAIL_EXT_IP="x.x.x.x"
MAIL_INT_IP="y.y.y.y"
$IPTABLES -A FORWARD -i $OUTSIDE -d $MAIL_EXT_IP -j ACCEPT

## Mail traffic will be forwarded to the mail server ##
$IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 22 -j DNAT --to-destination $MAIL_INT_IP
$IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 25 -j DNAT --to-destination $MAIL_INT_IP
#$IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 80 -j DNAT --to-destination $MAIL_INT_IP
$IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 110 -j DNAT --to-destination $MAIL_INT_IP
$IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 993 -j DNAT --to-destination $MAIL_INT_IP
$IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 995 -j DNAT --to-destination $MAIL_INT_IP
$IPTABLES -t nat -A PREROUTING -p all -i $OUTSIDE -d $MAIL_EXT_IP -j DROP

Would it be possible to modify this so that port 25 is only open for 2 incoming IP addresses rather than forwarding all port 25 traffic?

Thanks,
Frank


spec wrote: [iptables]

Yes. Please read:

formatting link
Yours, VB.

Volker Birk
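
One way to do what the question asks, as an added example that is not part of either post: replace the single unrestricted `--dport 25` DNAT line with one source-restricted rule per permitted sender. `SMTP_ALLOWED` and `smtp_allowlist_rules` are hypothetical names, the addresses and interface are constructed samples, and the matching FORWARD rule assumes the filter table is where forwarded traffic to the internal address is accepted.

```sh
#!/bin/sh
# Added example (not from the thread): DNAT port 25 only for listed sources.
# SMTP_ALLOWED and smtp_allowlist_rules are hypothetical names; all addresses
# are constructed samples from the RFC 5737 documentation ranges.
IPTABLES="${IPTABLES:-echo iptables}"   # dry run by default: prints the rules
OUTSIDE="${OUTSIDE:-eth0}"
MAIL_EXT_IP="${MAIL_EXT_IP:-203.0.113.10}"
MAIL_INT_IP="${MAIL_INT_IP:-192.168.1.10}"
SMTP_ALLOWED="${SMTP_ALLOWED:-198.51.100.5 198.51.100.6}"

smtp_allowlist_rules() {
    set -- $SMTP_ALLOWED
    if [ $# -eq 0 ]; then
        echo "SMTP_ALLOWED is empty; no port 25 rule emitted" >&2
        return 1
    fi
    # Validate every entry first so a typo cannot leave a half-applied set.
    for src in "$@"; do
        case "$src" in
            *[!0-9./]*|0.0.0.0/0|0/0)
                echo "refusing source '$src'" >&2
                return 1 ;;
        esac
    done
    for src in "$@"; do
        # Replaces the unrestricted "--dport 25" DNAT line: only packets from
        # $src are translated; other sources fall through to the later rules.
        $IPTABLES -t nat -A PREROUTING -p tcp -i "$OUTSIDE" -s "$src" \
            -d "$MAIL_EXT_IP" --dport 25 -j DNAT --to-destination "$MAIL_INT_IP"
        # After DNAT the destination is the internal address, so the filter
        # table can enforce the same allowlist.
        $IPTABLES -A FORWARD -p tcp -i "$OUTSIDE" -s "$src" \
            -d "$MAIL_INT_IP" --dport 25 -j ACCEPT
    done
}

smtp_allowlist_rules
```

Because the rules are appended with `-A`, they must come before the final catch-all rule for `$MAIL_EXT_IP`, in the position the original port 25 line occupied.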
