SNAT

Thu, 14 Feb 2008 10:32 - Daniel - Server - Comments (0)


There was a little problem with the new SPF records yesterday. I'm running OpenVPN on my server and use SNAT to send the traffic to another IP than the one the HTTP, FTP and DNS services are listening on. But apparently it also sent the traffic originating from my server from this IP. At least one mail server had problems with this:

<someuser@gmx.net> host mx0.gmx.de[213.165.64.100] said: 550-5.7.1 {mx090} The
recipient does not accept mails from 'tac-ops.net' over foreign
mailservers. 550-5.7.1 According to the domain's SPF record your host
'78.*.*.*' is not a designated sender. 550 5.7.1 (
http://portal.gmx.net/serverrules ) (in reply to RCPT TO command)


The solution was simple. Instead of directing all traffic I added an additional source IP match to the command.

From:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 78.b.c.d



To:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 78.b.c.d --source 10.8.0.0/24
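
A check for this misconfiguration, as an added example that is not part of the original post: it scans `iptables-save` style output for POSTROUTING SNAT rules with no source match whose `--to-source` address is missing from the SPF record. The rule set, the SPF record and the 203.0.113.x addresses are constructed sample data, and only `ip4:` mechanisms are evaluated (`a`, `mx` and `include` would need DNS lookups).

```python
import ipaddress
import shlex

# Constructed sample data using documentation addresses, not the post's real ones.
SAMPLE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.20
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 203.0.113.20
COMMIT
"""
SAMPLE_SPF = "v=spf1 ip4:203.0.113.10 -all"


def spf_ip4_networks(record):
    """Return the networks named by the ip4: mechanisms of an SPF record."""
    nets = []
    for term in record.split()[1:]:          # skip the leading "v=spf1"
        term = term.lstrip("+")              # "+ip4:" is the same as "ip4:"
        if term.lower().startswith("ip4:"):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
    return nets


def risky_snat_rules(rules_text, spf_record):
    """Return SNAT rules that would rewrite the host's own outgoing mail
    to an address the SPF record does not list."""
    allowed = spf_ip4_networks(spf_record)
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A POSTROUTING"):
            continue
        tok = shlex.split(line)
        if "SNAT" not in tok or "--to-source" not in tok:
            continue
        if "-s" in tok or "--source" in tok:
            continue  # limited to specific clients, e.g. the VPN subnet
        target = tok[tok.index("--to-source") + 1]
        # --to-source may be "ip", "ip-ip" or "ip:port"; check the first address
        ip = ipaddress.ip_address(target.split(":")[0].split("-")[0])
        if not any(ip in net for net in allowed):
            findings.append(line)
    return findings


if __name__ == "__main__":
    for rule in risky_snat_rules(SAMPLE_RULES, SAMPLE_SPF):
        print("unscoped SNAT to an address outside SPF:", rule)
```
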



