iptables nat just port 25?

Solution 1:

The code below will do the job. Iptables is easy enough to work with - you just have to be explicit about telling it what to do with traffic that comes from or goes to specific locations on specific ports. Although you only requested ports 25 and 110, I included options for secure SMTP and secure POP3 as well.

What I recommend below takes into account whatever firewall rules you have in place and puts the rules you've requested higher in the processing order than anything else. Iptables processes rules in the order that it matches them, so just in case you have other rules already in the firewall that might block SMTP or POP3, I used the insert command and specified the rules should be placed at the top of the list. If you don't have any other firewall rules, then you could substitute the "-I" with "-A" and drop the line numbers after the "FORWARD" and "POSTROUTING" tables.

I recommend implementing connection tracking whenever you can and the first iptables rule below turns that on. If you're running on a really old kernel then you might have issues with these commands, but if they work for you, then great. If they don't, then drop that first line, and drop the "-m tcp" portion of all the other lines.

#Enable IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

#Turn on connection tracking: replies to connections allowed below are accepted
#before anything else in FORWARD
iptables -I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

#Allow SMTP traffic out to the internet. This includes regular and authenticated SMTP
#The positions count up 2, 3, 4, ... so each rule lands after the previous one.
#Reusing a position (e.g. "-I FORWARD 2" twice) pushes the earlier rule down the
#chain, and the final REJECT would then end up in front of the port 25 rule.
iptables -I FORWARD 2 -i eth1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -I FORWARD 3 -i eth1 -p tcp -m tcp --dport 465 -j ACCEPT
iptables -I FORWARD 4 -i eth1 -p tcp -m tcp --dport 587 -j ACCEPT

#Allow POP3 traffic out to the internet. This includes regular and SSL secured POP3
iptables -I FORWARD 5 -i eth1 -p tcp -m tcp --dport 110 -j ACCEPT
iptables -I FORWARD 6 -i eth1 -p tcp -m tcp --dport 995 -j ACCEPT

#NAT the traffic leaving your router for the allowed forwarded ports above
iptables -t nat -I POSTROUTING 1 -o eth0 -p tcp --dport 25 -j MASQUERADE
iptables -t nat -I POSTROUTING 2 -o eth0 -p tcp --dport 465 -j MASQUERADE
iptables -t nat -I POSTROUTING 3 -o eth0 -p tcp --dport 587 -j MASQUERADE
iptables -t nat -I POSTROUTING 4 -o eth0 -p tcp --dport 110 -j MASQUERADE
iptables -t nat -I POSTROUTING 5 -o eth0 -p tcp --dport 995 -j MASQUERADE

#Optionally, block any other forwarded traffic. Position 7 puts this after every
#ACCEPT rule above; it must be the last of the inserted rules.
iptables -I FORWARD 7 -i eth1 -j REJECT
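
The script below is an added example and not code from either answer. It builds the same mail-only egress policy as Solution 1 but puts the rules in dedicated user chains, so the result does not depend on getting the "-I CHAIN N" position numbers right and the script can be re-run without duplicating rules. It assumes the same interface roles as Solution 1 (eth1 faces the LAN, eth0 faces the internet); the chain names MAIL_FWD and MAIL_NAT, the IPT override variable and the MAIL_PORTS list are this example's own conventions. The `-C` (check) option it relies on needs iptables 1.4.11 or newer.

```sh
#!/bin/sh
# Added example (not from the answers above): mail-only egress rules built in
# their own chains. Assumed: eth1 = LAN side, eth0 = internet side, as in
# Solution 1. MAIL_FWD, MAIL_NAT and IPT are names chosen for this example.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
MAIL_PORTS="25 465 587 110 995"   # SMTP, SMTPS, submission, POP3, POP3S

# Every iptables call goes through this wrapper. Setting IPT to a shell
# function lets the rule set be dry-run and inspected without a live firewall.
ipt() { "${IPT:-iptables}" "$@"; }

enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
}

mail_egress_rules() {
    # Create the user chains (ignore "already exists") and empty them, so a
    # second run rebuilds them instead of appending a duplicate set of rules.
    ipt -N MAIL_FWD 2>/dev/null || true
    ipt -F MAIL_FWD
    ipt -t nat -N MAIL_NAT 2>/dev/null || true
    ipt -t nat -F MAIL_NAT

    # Replies come back in on the WAN side, so they are not matched by the
    # LAN-to-WAN jump below and must be accepted first. -C tests whether the
    # rule already exists; insert it only when it does not.
    ipt -C FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null \
        || ipt -I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # One jump rule, placed right after the conntrack rule, hands all
    # LAN-to-WAN traffic to MAIL_FWD; one jump in POSTROUTING does the NAT.
    ipt -C FORWARD -i "$LAN_IF" -o "$WAN_IF" -j MAIL_FWD 2>/dev/null \
        || ipt -I FORWARD 2 -i "$LAN_IF" -o "$WAN_IF" -j MAIL_FWD
    ipt -t nat -C POSTROUTING -o "$WAN_IF" -j MAIL_NAT 2>/dev/null \
        || ipt -t nat -I POSTROUTING 1 -o "$WAN_IF" -j MAIL_NAT

    # Inside the user chains -A keeps the rules in the order they are written,
    # so no position arithmetic is needed. Only connections initiated from
    # the LAN (state NEW) are accepted; replies were handled above.
    for port in $MAIL_PORTS; do
        ipt -A MAIL_FWD -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
        ipt -t nat -A MAIL_NAT -p tcp --dport "$port" -j MASQUERADE
    done

    # Everything else from the LAN towards the internet is refused. Appended
    # last, so it is guaranteed to sit behind every ACCEPT in the chain.
    ipt -A MAIL_FWD -j REJECT
}

# Usage (as root): sh mail-egress.sh apply
case "${1:-}" in
    apply) enable_forwarding; mail_egress_rules ;;
esac
```

To see what the script would do before touching a router, point IPT at a shell function that records its arguments and returns non-zero for `-C` (so the inserts are not skipped), then call `mail_egress_rules` and read the recorded commands; `iptables -L FORWARD -n --line-numbers` and `iptables -t nat -L -n` afterwards show the live result.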

Solution 2:

Easy peasy lemon squeezy:

iptables -t nat -A POSTROUTING -p TCP --dport 25 -j MASQUERADE

iptables -t nat -A POSTROUTING -p TCP --dport 110 -j MASQUERADE

:)