IPTables: Static IP + Port forward to DynIP + Port and back (NAT, DNAT, SNAT)

Discussion in 'HOWTO-Related Questions' started by TDS, Apr 25, 2017.

  1. TDS

    TDS New Member

    Finally I ask here the question: I'm tired of testing and nothing works...
    Scenario: MS Exchange inside INTRANET with external dynamic IP
    Domain.TLD with MX 2 pointing to IP 2
    All Traffic from IP 2 and Port 25 should be forwarded to DynDNS IP and Port 25. For testing maybe another. And packets back should point to IP 2 and "coming from IP 2".
    What's the right way to do that? PREROUTING, POSTROUTING, FORWARD, MASQUERADE, DNAT, SNAT...

    That's not working. Tested port 80 and nmap / telnet to get web server connection.
    Code:
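    # $command is not defined in the posted snippet; assumed to be set earlier in the script (e.g. to iptables)
    IP=$(dig +short dyndns.domain.tld A)
    SOURCE="IP 2"   # placeholder for the static address; replace before use
    $command -t nat -A PREROUTING -p tcp -d "$SOURCE" --dport 25 -j DNAT --to-destination "$IP:80"
    $command -t nat -A POSTROUTING -p tcp -d "$IP" --dport 80 -j SNAT --to-source "$SOURCE"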
    
     
  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Did you enable port-forwarding?
    echo 1 > /proc/sys/net/ipv4/ip_forward
     
  3. TDS

    TDS New Member

    Yes, because this firewall is on a root server with multiple other rules which won't work if it's not enabled.
    PS: Connection is established but one packet per 20-30s. So there must be something wrong with routing itself, or masquerading or encapsulation.
     
  4. Subraa Singapore

    Subraa Singapore New Member

    Would you please detail more!!
     
  5. TDS

    TDS New Member

    Routing Port 25:
    Static IP => via Dynamic IP => Exchange
    Exchange => via Dynamic IP => Static IP
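
An added example, not part of the thread and not any poster's code: the DNAT/SNAT pair from the first post stores the address that `dig` returned when the rule was inserted, so it goes stale when the dynamic IP changes, and an empty or CNAME-only lookup would leave the rule without a usable target. The sketch below validates the lookup and prints the delete/add commands only when the address has changed. Assumptions: 192.0.2.10 stands in for "IP 2", `STATE_FILE` and all function names are hypothetical, and commands are printed for review rather than applied.

```sh
#!/bin/sh
# Added example: rules are printed for review, not applied.
STATIC_IP="${STATIC_IP:-192.0.2.10}"        # constructed stand-in for "IP 2"
DYN_HOST="${DYN_HOST:-dyndns.domain.tld}"   # host name used in the thread
PORT="${PORT:-25}"
STATE_FILE="${STATE_FILE:-/tmp/fwd-target.last}"  # hypothetical state path

is_ipv4() {  # true only for a dotted quad with octets 0-255
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

first_ipv4() {  # stdin: `dig +short` output, which may start with CNAME lines
  while IFS= read -r line; do
    if is_ipv4 "$line"; then printf '%s\n' "$line"; return 0; fi
  done
  return 1
}

rule_pair() {  # $1 = -A or -D, $2 = target address
  echo "iptables -t nat $1 PREROUTING -p tcp -d $STATIC_IP --dport $PORT -j DNAT --to-destination $2:$PORT"
  echo "iptables -t nat $1 POSTROUTING -p tcp -d $2 --dport $PORT -j SNAT --to-source $STATIC_IP"
}

plan_update() {  # $1 = newly resolved address, $2 = address in the live rules
  is_ipv4 "$1" || return 2          # refuse to build rules from a bad lookup
  [ "$1" = "${2:-}" ] && return 0   # unchanged: nothing to do
  if is_ipv4 "${2:-}"; then rule_pair -D "$2"; fi
  rule_pair -A "$1"
}

main() {
  new=$(dig +short "$DYN_HOST" A | first_ipv4) || { echo "lookup failed" >&2; return 1; }
  old=$(cat "$STATE_FILE" 2>/dev/null || true)
  # assumes the printed commands are then applied before the next run
  plan_update "$new" "$old" && printf '%s\n' "$new" > "$STATE_FILE"
}

if [ "${1:-}" = "run" ]; then main; fi
```

Run it with the argument `run` from cron or a timer; without that argument it only defines the functions.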
     
