shorewall redirect

[hegga]

I want to redirect all outgoing smtp traffic from my network to my internal
mailserver. does anyone know howto do that with shorewall?

[bunder]

I want to redirect all outgoing smtp traffic from my network to my internal
mailserver. does anyone know howto do that with shorewall?

make a rule that sets all traffic with a destination of your external network card which forwards destination port 25 to the mail server.

something like: iptables -A -i externalip -p 25 -d ipaddress -j FORWARD

[hegga]

Perhaps I was a bit unclear in my question, I want all my outgoing smtp traffic from
my internal network to be redirected through my internal mailserver.

in other words, it shall not be possible to send emails from my internal network without
it going through my internal mailserver.

[bunder]

yes, it should work... maybe you don't need the "-i externalip" bit, but that should do it.

edit: you could always set the source network card(s), that should also help force it.

[hegga]

thanx, but do you know how to do it in shorewall also?

[bunder]

sorry, i'm afraid i don't... shorewall uses a different configuration than i'm familiar with.

[Bobnoxous]

I'm curious, but won't that rule prevent the mail from getting out of the network from the mail server too? You would need to exclude the IP of the server I think. I realize we're getting off the shorewall topic, but the issue would apply to shorewall rules too.

[hegga]

I tried using this rule in /etc/shorewall/rules, but it blocked the smtp connections from
the server as well.

Code: Select all

DNAT   local   local:server-ip:25     tcp     25      -       !server-ip

If I'm trying with shorewall redirect I get an error message

Code: Select all

REDIRECT       local   local:server-ip:25     tcp     25      -       !server-ip

[hegga]

is there no shorewall expert to give me a tip about this?