[Firewall] Conditional source based routing

dan dan at silverlotus.co.uk
Tue Jan 12 21:25:37 CET 2010
I have a conditional routing scenario and I've been advised that IPTables may be a suitable solution. As I already have an Arno IPTables implementation in place I'm looking to see if it can solve my problem. I have a fairly simple setup:
X----LAN99----X    [ ARNO IPTABLES GATEWAY ]     X<----LAN1---->X    [ ROUTER ]    X<---- INTERNET ---->X
It's a typical setup on the one hand (Internet / router / LAN) - but I have a separate subnet (99) that is accessible through the Arno IPTables gateway. The Arno box sees LAN99 as the internet - providing firewalling to limit access back into LAN1.

My issue is this - LAN1 hosts a mail server which receives traffic from the internet, NATed through the internet-facing router. I want to NAT the traffic to a different server (the Arno box perhaps) that will act as a network proxy in effect, and forward the mail traffic to different locations depending on the source address. Basically, anything identified as spam will be routed to a tarpit - anything else back on to the valid mail server. The tarpit is in LAN99 (the mail server is on LAN1). Is there a way that this can be achieved with an Arno IPTables system?

Apologies if this is a bit vague. Any pointers would be appreciated.
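The source-dependent redirect asked about above is, in iptables terms, a DNAT in the nat table's PREROUTING chain keyed on the source address. The script below is an added illustration by the editor, not code from the original post nor from the Arno iptables firewall project. It assumes a gateway whose LAN1/router-facing interface is eth0, a legitimate mail server at 192.168.1.25 on LAN1, a tarpit at 192.168.99.25 on LAN99, and a spam-source list read from a file; all of those names and addresses are constructed. It generates rules in iptables-restore format and only applies them when explicitly asked, so the rule set can be reviewed first.

```shell
#!/bin/sh
# Added example (editor's illustration, not code from the original post or from the
# Arno iptables firewall project). Generates nat-table rules that DNAT inbound SMTP
# by source address: listed sources go to a tarpit, everything else to the real mail
# server. All addresses and the interface name are constructed assumptions.

MAIL_SERVER="${MAIL_SERVER:-192.168.1.25}"   # assumed valid mail server on LAN1
TARPIT="${TARPIT:-192.168.99.25}"            # assumed tarpit host on LAN99
IN_IF="${IN_IF:-eth0}"                       # assumed interface facing LAN1/router

# Accept only dotted-quad IPv4 addresses with an optional /prefix, so a malformed
# entry in the spam list cannot silently turn into a bad or overly broad rule.
is_ipv4_prefix() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Read spam source prefixes from stdin (one per line; '#' comments and blank lines
# are ignored) and emit rules in iptables-restore format. Order matters: the
# specific source matches come first, the catch-all to the legitimate server last.
# Nothing is applied here; this function only prints.
gen_smtp_dnat_rules() {
    printf '*nat\n'
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' | while read -r src; do
        if ! is_ipv4_prefix "$src"; then
            printf 'skipping malformed source: %s\n' "$src" >&2
            continue
        fi
        printf '%s\n' "-A PREROUTING -i $IN_IF -s $src -p tcp --dport 25 -j DNAT --to-destination $TARPIT:25"
    done
    # Catch-all: any other inbound SMTP goes to the real mail server
    printf '%s\n' "-A PREROUTING -i $IN_IF -p tcp --dport 25 -j DNAT --to-destination $MAIL_SERVER:25"
    printf 'COMMIT\n'
}

# Number of DNAT rules a list would produce; a cheap sanity check before applying.
count_dnat_rules() {
    gen_smtp_dnat_rules | grep -c -- '-j DNAT'
}

# Apply only when explicitly requested and running as root; otherwise do nothing.
# iptables-restore -n (--noflush) adds to the existing nat table instead of
# replacing it, so it does not wipe rules the firewall already loaded.
if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" -eq 0 ]; then
    gen_smtp_dnat_rules < "${SPAM_LIST:-/etc/spam-sources.txt}" | iptables-restore -n
fi
```

Two things the DNAT alone does not give you: the FORWARD chain must still permit tcp/25 from the router side to both targets (and nothing else), and replies from the tarpit on LAN99 must come back through the same gateway so that connection tracking can reverse the translation; if the tarpit's default route does not point at the gateway, the forwarded connections need SNAT as well. Because Arno's firewall builds its own rule set, rules like these belong in whatever custom-rules hook its documentation provides rather than in a standalone script that the firewall's next restart would discard.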
