iptables nat just port 25?
Solution 1:
The code below will do the job. Iptables is easy enough to work with - you just have to be explicit about telling it what to do with traffic that comes from or goes to specific locations on specific ports. Although you only requested ports 25 and 110, I included options for secure SMTP and secure POP3 as well.
What I recommend below takes into account whatever firewall rules you have in place and puts the rules you've requested higher in the processing order than anything else. Iptables processes rules in the order that it matches them, so just in case you have other rules already in the firewall that might block SMTP or POP3, I used the insert command and specified the rules should be placed at the top of the list. If you don't have any other firewall rules, then you could substitute the "-I" with "-A" and drop the line numbers after the "FORWARD" and "POSTROUTING" tables.
I recommend implementing connection tracking whenever you can and the first iptables rule below turns that on. If you're running on a really old kernel then you might have issues with these commands, but if they work for you, then great. If they don't, then drop that first line, and drop the "-m tcp" portion of all the other lines.
#Enable IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
#Turn on connection tracking
iptables -I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#Allow SMTP traffic out to the internet. This includes regular and authenticated SMTP
iptables -I FORWARD 2 -i eth1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -I FORWARD 2 -i eth1 -p tcp -m tcp --dport 465 -j ACCEPT
iptables -I FORWARD 3 -i eth1 -p tcp -m tcp --dport 587 -j ACCEPT
#Allow POP3 traffic out to the internet. This includes regular and SSL secured POP3
iptables -I FORWARD 4 -i eth1 -p tcp -m tcp --dport 110 -j ACCEPT
iptables -I FORWARD 5 -i eth1 -p tcp -m tcp --dport 995 -j ACCEPT
#NAT the traffic leaving your router for the allowed forwarded ports above
iptables -t nat -I POSTROUTING 1 -o eth0 -p tcp --dport 25 -j MASQUERADE
iptables -t nat -I POSTROUTING 2 -o eth0 -p tcp --dport 465 -j MASQUERADE
iptables -t nat -I POSTROUTING 3 -o eth0 -p tcp --dport 587 -j MASQUERADE
iptables -t nat -I POSTROUTING 4 -o eth0 -p tcp --dport 110 -j MASQUERADE
iptables -t nat -I POSTROUTING 5 -o eth0 -p tcp --dport 995 -j MASQUERADE
#Optionally, block any other forwarded traffic
iptables -I FORWARD 6 -i eth1 -j REJECT
Solution 2:
Easy peasy lemon squeezy:
iptables -t nat -A POSTROUTING -p TCP --dport 25 -j MASQUERADE
iptables -t nat -A POSTROUTING -p TCP --dport 110 -j MASQUERADE
:)