Finally I ask the question here: I'm tired of testing and nothing works...

Scenario: MS Exchange inside the INTRANET with an external dynamic IP. Domain.TLD has MX 2 pointing to IP 2. All traffic from IP 2 and port 25 should be forwarded to the DynDNS IP and port 25 (for testing, maybe another port), and packets coming back should point to IP 2 and be "coming from IP 2".

What's the right way to do that? PREROUTING, POSTROUTING, FORWARD, MASQUERADE, DNAT, SNAT... That's not working. Tested with port 80 and nmap / telnet to get a web server connection.

Code:
# resolve the current DynDNS address of the Exchange side
IP=`dig +short dyndns.domain.tld A`
# "IP 2" is the public address the MX record points at (placeholder, quoted so the line is valid shell)
SOURCE="IP 2"
# $command holds the iptables binary
$command -t nat -A PREROUTING -p tcp -d $SOURCE --dport 25 -j DNAT --to-destination $IP:80
$command -t nat -A POSTROUTING -p tcp -d $IP --dport 80 -j SNAT --to-source $SOURCE
Yes, because this firewall is on a root server with multiple other rules which won't work if it's not enabled.

PS: The connection is established, but only one packet per 20-30 s. So there must be something wrong with the routing itself, or with masquerading or encapsulation.
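An added example of the relay the question describes (DNAT the port on the public address to the DynDNS host, SNAT the forwarded flow so the replies come back through this box, and explicitly allow it in FORWARD). This is not the poster's code and not from any project; the addresses 198.51.100.10 / 203.0.113.7, the host name dyndns.example.org and the interface name eth0 are constructed placeholders, and the script assumes iptables with the conntrack match and GNU/BusyBox grep, awk and dig are installed. The rules are generated as text first so they can be reviewed (and unit-tested) before they are applied as root; `pick_ipv4` also handles the case where `dig +short` returns a CNAME line before the address, or nothing at all.

```shell
#!/bin/sh
# Added example, not the original poster's script. Generates and optionally
# applies an iptables TCP relay for one port: traffic arriving on PUBLIC_IP
# ("IP 2" in the question) is DNATed to the DynDNS host, SNATed to PUBLIC_IP
# on the way out, and the reverse path is handled by conntrack.

# Return the first valid IPv4 address found in the given text, or fail.
# `dig +short name A` may print a CNAME target before the A record, or print
# nothing if the name has not resolved yet, so never use its output unchecked.
pick_ipv4() {
    printf '%s\n' "$1" \
      | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
      | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255 { print; exit }' \
      | grep .
}

# Resolve the DynDNS host name to one IPv4 address (assumes dig is installed).
resolve_target() {
    out=$(dig +short "$1" A 2>/dev/null) || out=""
    pick_ipv4 "$out" || { echo "no IPv4 address for $1" >&2; return 1; }
}

# Emit the relay rules, one shell command per line, for review or execution.
# Arguments: public IP, target IP, TCP port, WAN interface.
relay_rules() {
    pub="$1"; target="$2"; port="$3"; wan="$4"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $wan -p tcp -d $pub --dport $port -j DNAT --to-destination $target:$port
iptables -A FORWARD -i $wan -p tcp -d $target --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d $target --dport $port -j SNAT --to-source $pub
EOF
}

# Resolve the target, then either print the rules or run them (root required).
# Arguments: show|apply, public IP, DynDNS host, [port, default 25], [WAN iface, default eth0].
relay() {
    mode="$1"; pub="$2"; host="$3"; port="${4:-25}"; wan="${5:-eth0}"
    target=$(resolve_target "$host") || return 1
    case "$mode" in
        show)  relay_rules "$pub" "$target" "$port" "$wan" ;;
        apply) relay_rules "$pub" "$target" "$port" "$wan" | sh -e ;;
        *)     echo "usage: relay show|apply PUBLIC_IP DYNDNS_HOST [PORT] [WAN_IFACE]" >&2; return 2 ;;
    esac
}

# Command-line entry point, e.g.:
#   sh relay.sh show  198.51.100.10 dyndns.example.org 25 eth0
#   sh relay.sh apply 198.51.100.10 dyndns.example.org 25 eth0
if [ "${1:-}" = "show" ] || [ "${1:-}" = "apply" ]; then
    relay "$@"
fi
```

Two things worth checking on a box like the one described. First, the rules use `-A`, so running the script again after the DynDNS address changes appends a second copy of every rule; flush the old ones (or test with `iptables -C` before adding) rather than stacking them. Second, with `iptables -L FORWARD -v -n` and `iptables -t nat -L -v -n` the packet counters show whether the DNATed packets actually reach the ACCEPT rules or are eaten by an earlier DROP in FORWARD, which is the usual cause of a connection that is established but then stalls. Note also that SNAT makes every inbound SMTP session appear to Exchange as coming from PUBLIC_IP, so the originating MTA's address is no longer available to the mail server's logs or reputation checks; only the relay host's own logs and conntrack table keep it.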