Changing Ip Addresses With Iptables - F-SECURE INTERNET GATEKEEPER FOR LINUX 4.01 Administrator's Manual

Client settings
Set the mail server to 192.168.2.1.
Make sure that the client can send and receive mails.

10.3.4 Changing IP Addresses with iptables

Eth0
Internet
If F-Secure Internet Gatekeeper for Linux and a mail server use a different interface, it is possible to
use the product and a mail server in the same computer with the same port number. You can redirect
the access to default ports (25, 100) in specific interfaces to Anti-Virus (9025, 9110). You can do it
with the NAT setting in the iptables.
The following example uses two interfaces, eth0 (192.168.1.1) and eth1 (192.168.2.1). Access from eth1
ports 25 and 110 is changed to ports 9025 and 9110. The eth1 interface is used for Internet
Gatekeeper, and the eth0 interface (and localhost) is used for the mail server access.
If you have only one physical interface, you can generate a virtual interface with the IP Alias function.
For example, the following command generates the virtual interface "eth0:1(192.168.1.2)":
# ifconfig eth0:1 192.168.1.2 netmask 255.255.255.0
Copy /etc/sysconfig/network-scripts/ifcfg-eth0 to ifcfg-eth0:1 and rewrite the file
to DEVICE="eth0:1". Set the IPADDR, NETMASK, NETWORK, and BROADCAST variables in the
file.
F-Secure Internet Gatekeeper for Linux/Administrator's Guide
F-Secure Internet Gatekeeper server
(192.168.1.1, 192.168.2.1)
Eth1(192.168.2.1)
25(besides eth1)
SMTP server
Mail box
POP server
110(eth1 ? ? )
FSIGK(SMTP)
9025
iptables(192.168.2.1:25)
=>192.168.2.1:9025
iptables(192.168.2.1:110)
=>192.168.2.1:9110
9110
FSIGK(POP)
Eth1
LAN
(192.168.2.xx
x)
123