Argh! (Adelphia, E-mail, iptables, etc.)

bscott at ntisys.com
Fri Aug 29 11:32:37 EDT 2003


On Fri, 29 Aug 2003, at 11:06am, ken at flyingtoasters.net wrote:
> Howdy, all.  Adelphia -- God bless them -- has nixed my in-bound port 25,
> so I can no longer receive e-mail on this account.

  I've said it before and I'll say it again: Adelphia's TOS prohibit hosting
services of any kind on their Internet feeds.  They would be completely
within their rights to block anything you try to host, or cut your feed
entirely.  You have been warned.

  (I am not commenting on whether Adelphia should or should not do this.  
Nor am I commenting on the normal monopoly that a cable operator has in each
individual area.  However, the above situation is still what we have to work
with.  Whether or not you, I, or anyone else likes it does not change the
fact that it currently is.)

> some magic iptables recipe to re-direct port 25 from machine a (1.2.3.4)
> to machine b (3.4.5.6)

  You will not be able to re-direct TCP port 25 from some machine outside
Adelphia's network to TCP/25 on your machine (inside Adelphia's network).  
However, you could redirect TCP/25 on the outside machine to a non-standard
port on your machine.  You would also need to configure your MTA to listen
on said non-standard port (or use another iptables rule on your machine to
redirect the non-standard port back to 25).

  In the following, I assume the outside machine is 1.2.3.4, your inside
machine is 3.4.5.6, and the non-standard SMTP listener is on TCP/2525.  
Change as needed.

  Do the following on the outside machine:

	iptables -t nat -A PREROUTING -d 1.2.3.4 -p TCP --dport 25 \
		-j DNAT --to-dest 3.4.5.6:2525

  Reconfigure your MTA, *OR* do the following on your Adelphia machine:

	iptables -t nat -A PREROUTING -d 3.4.5.6 -p TCP --dport 2525 \
		-j DNAT --to-dest 3.4.5.6:25

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |
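
Added example (not part of the original message): DNAT alone on the outside machine only works if replies from 3.4.5.6 route back through 1.2.3.4, so this script prints, without applying, a relay rule set that also enables forwarding and source-NATs the connection. The function names and the forwarding, FORWARD and SNAT lines are assumptions added here; the addresses and port are the post's sample values.

```shell
#!/bin/sh
# Added example: prints the rules for the outside relay; it applies nothing.
# valid_port and relay_rules are hypothetical helper names.

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# relay_rules OUTSIDE_IP INSIDE_IP ALT_PORT
relay_rules() {
    outside=$1
    inside=$2
    port=$3
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d ${outside} -p tcp --dport 25 -j DNAT --to-destination ${inside}:${port}
iptables -A FORWARD -d ${inside} -p tcp --dport ${port} -j ACCEPT
iptables -A FORWARD -s ${inside} -p tcp --sport ${port} -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -d ${inside} -p tcp --dport ${port} -j SNAT --to-source ${outside}
EOF
}

# Sample values from the post: relay 1.2.3.4, mail host 3.4.5.6, listener on 2525.
relay_rules 1.2.3.4 3.4.5.6 2525
```

Because of the SNAT rule, the MTA on 3.4.5.6 sees every message as coming from 1.2.3.4, so that address must not be in its trusted-relay list, and IP-based sender checks have to run on the relay instead.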






More information about the gnhlug-discuss mailing list