port forwarding on VPS ? possible ?

Discussion in 'General Discussion' started by firepages, Jan 18, 2005.

  1. firepages

    firepages Guest

    Hi, I want to try and forward requests from port 26 to port 25 on my VPS (the old ISP blocking port 25 issue), but on a VPS you can't seem to query kernel modules, let alone load anything (grabbed this from another forum posting):

    .........................................................................................................
    iptables -t nat -A PREROUTING -p tcp -d **.**.***.** --dport 26 -j DNAT --to **.**.***.**:25
    .........................................................................................................

    the message I get is ...

    .........................................................................................................
    iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    .........................................................................................................

    so any ideas how else to forward e.g. port 26 to 25 on a VPS ?

    or alternately to configure qmail (as munged by plesk/Virtuozzo) to run on port 26 ?


    Regards,
    Simon.
  2. fenster

    fenster New Member

    Messages:
    429
    Hi,

    You can't use nat inside a VPS.

    The easiest way to make a redirect without using iptables is

    Code:
    # cat > /etc/xinetd.d/redirect26
    service redirect26
    {
            port                    = 26
            type                    = UNLISTED
            disable                 = no
            socket_type             = stream
            wait                    = no
            user                    = root
            redirect                = 127.0.0.1 25
    }
    <press Ctrl+D>
    # chkconfig --level 2345 xinetd on
    # service xinetd restart
    Alternatively, just use any port forwarding program such as redir (http://rpmfind.net/linux/rpm2html/search.php?query=redir).
  3. firepages

    firepages Guest

    Hey Alexander, cheers, the services thing does not seem to work (it lists itself in chkconfig as on but can't send mail through it).

    However, I grabbed redir and that did the job, so thank you very much!


    1 more Q if you don't mind ? .. I started redir from ssh with the basics ,

    redir --lport 26 --laddr **.***.**.*** --cport 25

    and as noted that works. I was wondering if you would recommend setting any other switches etc.; I am running Plesk 7.5, if that helps at all?

    I note when scanning my machine that though port 25 & port 26 show up , port 26 also returns the ESMTP response (port 25 does not) should I be worried about this ? or will all spam issues be dealt with automatically when traffic is rerouted to port 25 ?

    Thanks again , I had searched and searched , but all solutions before this one appeared to require kernel mods.
  4. fenster

    fenster New Member

    Messages:
    429
    First of all, I'm not sure how your server is supposed to receive incoming e-mail if port 25 is closed.

    By default, your Plesk qmail server is configured to forbid so-called "open relaying". You can list all IP addresses which are allowed to send e-mail in your Plesk panel, Server -> Mail -> White list.
  5. fenster

    fenster New Member

    Messages:
    429
    Also, don't forget to make sure that your redir will be started automatically after reboot. Add it to crontab (crontab -e, @reboot record) or make a special init script.
  6. firepages

    firepages Guest

    Sorry, I was not clear: several of my clients here in Oz are on ISPs that block outgoing traffic on port 25.

    For most of them switching to secure mail on ssl/465 works, but for Mac users & some Exchange clients that is not working reliably, so I wanted to offer an alternative to those clients.

    Yes I am worried about running an open relay , since I got stung when I first got my VPS (default install was an open relay though that may have been my vendor rather than plesk/virtuozzo issue)

    I have added a startup command to rc.local & gonna test it now.

    Thanks again,
    Regards,
    Simon.
  7. SHaRKTooTH

    SHaRKTooTH Guest

    Make sure you configure the port redirector to show the original sender and not itself. Otherwise anyone connecting on port 26 will look like they are coming from 127.0.0.1, which your MTA is most likely set up to relay. If this is the case, anyone would be able to use port 26 for spamming even though your mail server is locked down.
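
A way to verify the relay concern raised in the post above, as an added example that is not part of the original thread: the script walks the SMTP dialogue up to RCPT TO on both ports and compares the answers, without ever submitting a message. The function names and probe addresses are assumptions; run it from a machine outside the server that is not on the Plesk white list.

```python
import smtplib

# Assumed probe identities: neither domain may be hosted on the server under test.
PROBE_FROM = "relay-probe@sender.example"
PROBE_RCPT = "relay-probe@recipient.example"


def relay_verdict(host, port, mail_from=PROBE_FROM, rcpt_to=PROBE_RCPT, timeout=10):
    """Ask one SMTP listener whether it would relay; never sends a message.

    The dialogue stops after RCPT TO and is reset, so nothing is queued.
    Returns 'open-relay', 'relay-denied' or 'inconclusive'.
    """
    # A fixed HELO name avoids a DNS lookup for the local hostname.
    with smtplib.SMTP(host, port, local_hostname="relay-check.invalid",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(mail_from)
        if code != 250:
            return "inconclusive"      # sender refused: says nothing about relaying
        code, _ = smtp.rcpt(rcpt_to)
        smtp.rset()                    # drop the envelope before QUIT
    if code in (250, 251):
        return "open-relay"            # foreign recipient accepted without auth
    if 500 <= code < 600:
        return "relay-denied"          # permanent refusal, e.g. qmail's 553 rcpthosts
    return "inconclusive"              # 4xx (greylisting, temp failure): retry later


def redirector_exposes_relay(host, direct_port=25, forwarded_port=26):
    """True when the MTA port refuses to relay but the forwarded port accepts."""
    direct = relay_verdict(host, direct_port)
    forwarded = relay_verdict(host, forwarded_port)
    return direct == "relay-denied" and forwarded == "open-relay"


if __name__ == "__main__":
    import sys
    target = sys.argv[1]               # server address, supplied by the operator
    for port in (25, 26):
        print(port, relay_verdict(target, port))
```

A `relay-denied` on port 25 together with `open-relay` on port 26 means the mail server is trusting the forwarder's loopback address rather than the real client.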
  8. JZMatrix

    JZMatrix New Member

    Messages:
    17
    Just to throw a few sticks in the spokes... Does anybody know why you can't use the NAT iptables tables within a VPS? Most of my physical machines work on the specify allowed ports and then have everything else redirected into oblivion, which prevents most scanners from even detecting the port is filtered since it's being redirected to a closed port.

    I tend to feel safer with this setup instead of the stock Plesk firewall approach, piling everything into the stock filter table. I am currently in the process of establishing an ecommerce business on a Plesk server and need the 'warm friendly' that my server is locked down to my comfort level before I can deploy this site.

    Any ideas?
  9. ewtech

    ewtech New Member

    Messages:
    24
