[Firewall] Conditional source based routing
dan at silverlotus.co.uk
Tue Jan 12 21:25:37 CET 2010
I have a conditional routing scenario and I've been advised that IPTables may be a suitable solution. As I already have an Arno IPTables implementation in place, I'm looking to see if it can solve my problem. I have a fairly simple setup:
X----LAN99----X [ ARNO IPTABLES GATEWAY ] X<----LAN1---->X [ ROUTER ] X<---- INTERNET ---->X
It's a typical setup on the one hand (Internet / router / LAN) - but I have a separate subnet (99) that is accessible through the Arno IPTables gateway. The Arno box sees LAN99 as the internet - providing firewalling to limit access back into LAN1.
My issue is this - LAN1 hosts a mail server which receives traffic from the internet, NATted through the internet-facing router. I want to NAT the traffic to a different server (Arno box perhaps) that will act as a network proxy in effect, and forward the mail traffic to different locations depending on the source address. Basically, anything identified as spam will be routed to a tarpit - anything else back on to the valid mail server. The tarpit is in LAN99 (mail server on LAN1). Is there a way that this can be achieved with an Arno IPTables system?
Apologies if this is a bit vague. Any pointers would be appreciated.
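The scenario described above can be expressed with plain iptables as source-dependent DNAT in the nat table's PREROUTING chain: the router already forwards port 25 to one address on the gateway, and the gateway rewrites the destination to the tarpit when the client falls in a known spam-source range, or to the real mail server otherwise. The script below is an added example written for this thread; it is not from the original post and not part of Arno's firewall. All addresses are constructed placeholders from the documentation ranges, and the `IPT` variable is a convention of this example, not an Arno setting.

```shell
#!/bin/sh
# Added example (not from the post, not Arno's firewall code):
# source-conditional DNAT of inbound SMTP on the gateway between LAN1 and LAN99.
# Set IPT=echo to preview the generated rules without touching the kernel.

IPT="${IPT:-iptables}"

# Placeholder addresses (constructed, RFC 5737 documentation ranges):
RELAY_IP="192.0.2.10"       # gateway's LAN1 address that the internet router NATs port 25 to
MAILSERVER="192.0.2.25"     # real mail server on LAN1
TARPIT="198.51.100.99"      # tarpit host on LAN99

# Constructed list of source ranges to treat as spam sources (space separated).
SPAM_SOURCES="203.0.113.0/24 198.51.100.0/28"

# dnat_rule SRC DST: emit one PREROUTING DNAT rule for SMTP aimed at RELAY_IP,
# rewriting the destination to DST. An empty SRC matches any remaining source.
dnat_rule() {
    src="$1"
    dst="$2"
    if [ -n "$src" ]; then
        "$IPT" -t nat -A PREROUTING -p tcp -s "$src" -d "$RELAY_IP" --dport 25 \
            -j DNAT --to-destination "$dst:25"
    else
        "$IPT" -t nat -A PREROUTING -p tcp -d "$RELAY_IP" --dport 25 \
            -j DNAT --to-destination "$dst:25"
    fi
}

# apply_mail_routing: install the full rule set in dependency order.
apply_mail_routing() {
    # Spam sources first: iptables takes the first matching rule in the chain.
    for net in $SPAM_SOURCES; do
        dnat_rule "$net" "$TARPIT"
    done
    # Everything not matched above goes on to the real mail server.
    dnat_rule "" "$MAILSERVER"

    # The mail server sits on the same LAN1 segment as the gateway, so its replies
    # would otherwise go straight to the router and never have the DNAT undone.
    # SNAT the forwarded flow to the gateway so the return path comes back here.
    "$IPT" -t nat -A POSTROUTING -p tcp -d "$MAILSERVER" --dport 25 -j MASQUERADE

    # The tarpit on LAN99 already routes back through this box, so it keeps the
    # real client address; only the FORWARD chain needs to admit the traffic.
    "$IPT" -A FORWARD -p tcp -d "$TARPIT" --dport 25 \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -p tcp -d "$MAILSERVER" --dport 25 \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Run directly with "--apply" to install (or "IPT=echo ... --apply" to preview).
if [ "${1:-}" = "--apply" ]; then
    apply_mail_routing
fi
```

Two points a practitioner would check before using this pattern: the MASQUERADE rule hides the real client address from the mail server's own logs and any source-based checks it does, which is the price of keeping the return path symmetric on a shared segment; and Arno's firewall rewrites its tables when it restarts, so rules like these have to go through whatever local-rules hook your version provides rather than being added by hand.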