restore original IP with iptables port forwarding to PPTP client

Hello,

To explain my scenario: our server's IP started blocking incoming & outgoing connections on port 25, so I prepared PPTP servers at another ISP and port forwarded port 25 from ISP B to our local servers using PPTP.

Everything seems good and fine, but what I am currently seeing is that the sender IP in exim is the PPTP server itself, not the original IP.

Like:
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 03 Jul 2022 21:20:41 +0600
Received: from backup.backup.com (**[192.168.0.1]** helo=repost01.micro.eu)

So 192.168.0.1 is our PPTP server IP. Is there any way to restore the original IP using iptables? Masquerading?

Our local iptables rules on the PPTP server that redirect the connections to the local server:

# Generated by iptables-save v1.8.4 on Mon Jul  4 17:15:07 2022
*nat
:PREROUTING ACCEPT [10:1023]
:INPUT ACCEPT [1:36]
:OUTPUT ACCEPT [6:364]
:POSTROUTING ACCEPT [6:364]
-A PREROUTING -p tcp --dports 25 -j DNAT --to-destination 192.168.0.2:25
-A POSTROUTING -o venet0 -j MASQUERADE
-A POSTROUTING -d 192.168.0.0/24 -o ppp+ -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j SNAT --to-source 9.9.9.9
COMMIT
# Completed on Mon Jul  4 17:15:07 2022
# Generated by iptables-save v1.8.4 on Mon Jul  4 17:15:07 2022
*mangle
:PREROUTING ACCEPT [786:130455]
:INPUT ACCEPT [407:54747]
:FORWARD ACCEPT [348:64420]
:OUTPUT ACCEPT [459:101527]
:POSTROUTING ACCEPT [807:165947]
COMMIT
# Completed on Mon Jul  4 17:15:07 2022
# Generated by iptables-save v1.8.4 on Mon Jul  4 17:15:07 2022
*security
:INPUT ACCEPT [407:54747]
:FORWARD ACCEPT [348:64420]
:OUTPUT ACCEPT [459:101527]
COMMIT
# Completed on Mon Jul  4 17:15:07 2022
# Generated by iptables-save v1.8.4 on Mon Jul  4 17:15:07 2022
*raw
:PREROUTING ACCEPT [786:130455]
:OUTPUT ACCEPT [459:101527]
COMMIT
# Completed on Mon Jul  4 17:15:07 2022
# Generated by iptables-save v1.8.4 on Mon Jul  4 17:15:07 2022
*filter
:INPUT ACCEPT [185:30926]
:FORWARD ACCEPT [348:64420]
:OUTPUT ACCEPT [459:101527]
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -m state --state NEW -j ACCEPT
COMMIT
# Completed on Mon Jul  4 17:15:07 2022

Am I missing anything? Or is it not possible to do this using iptables as it is layer 3? Or should I configure exim itself?

Looking forward..
Regards

Comments

  • luckypenguin Member
    edited July 2022

    PPTP in 2022? Why not over gopher or telnet?
    What you need is an SMTP relay:
    https://www.linode.com/docs/guides/postfix-smtp-debian7/

    And no, you won't rewrite it with iptables since it's the SMTP envelope,
    what you can do is either drop this line or modify it with any other info:
    https://serverfault.com/questions/952009/how-to-modify-receive-header-in-postfix
    https://www.plesk.com/kb/support/how-to-rewrite-headers-in-outgoing-mail-messages/

    /^Received:.*/ IGNORE
    will hide it completely.

  • @luckypenguin I think you misunderstand the scenario. We don't have any issues with outgoing emails; we are already using an SMTP relay. Our only issue is with incoming emails, which we need to handle remotely and send to the local email server, as incoming connections on port 25 are blocked.

    Thanks anyway.

  • jmgcaguicla Member
    edited July 2022

    I know next to nothing about mailing so I'm going to address the networking part of the question, maybe this is all unnecessary/can be done using some mail magic and not iptables wizardry idfk.

    By the time it hits your inbound mail server it's already rewritten by the MASQUERADE rule so you can't "restore" it since that piece of information is not visible in the first place.

    Guessing, but I would assume you can drop the masquerade rule on ppp so the source doesn't get rewritten, but then I don't know how the outbound reply would play out once it hits the mail server. You can also probably write a rule on the mail server itself to selectively reply through ppp somehow, so it flies out of the PPTP server instead of your default gateway.
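
The effect described in the comment above, traced through the nat rules from the question (an added example, not part of the thread): a minimal first-match simulation of the PREROUTING and POSTROUTING chains, run once with the posted rules and once without the MASQUERADE on `ppp+`. The interface name `ppp0`, the client address 203.0.113.7 and the use of 9.9.9.9 as the gateway's public address are assumptions.

```python
import ipaddress

# nat rules copied from the iptables-save dump in the question
NAT_RULES = """\
-A PREROUTING -p tcp --dports 25 -j DNAT --to-destination 192.168.0.2:25
-A POSTROUTING -o venet0 -j MASQUERADE
-A POSTROUTING -d 192.168.0.0/24 -o ppp+ -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j SNAT --to-source 9.9.9.9
"""
NO_PPP_MASQ = "\n".join(l for l in NAT_RULES.splitlines() if "-o ppp+" not in l)
IFACE_ADDR = {"ppp0": "192.168.0.1"}  # assumption: the tunnel interface is ppp0
# constructed TCP packet from a remote MTA, routed out of ppp0 after DNAT
CLIENT = {"src": "203.0.113.7", "dst": "9.9.9.9", "dport": 25, "out": "ppp0"}

def parse(line):
    """One rule line -> {option: (value, negated)}; each option here takes one value."""
    rule, toks = {}, line.replace("! ", "!").split()
    for opt, val in zip(toks[::2], toks[1::2]):
        rule[opt.lstrip("!")] = (val, opt.startswith("!"))
    return rule

def matches(rule, pkt):
    for opt, addr in (("-s", pkt["src"]), ("-d", pkt["dst"])):
        net, neg = rule.get(opt, ("0.0.0.0/0", False))
        if (ipaddress.ip_address(addr) in ipaddress.ip_network(net)) == neg:
            return False
    out = rule.get("-o", ("+", False))[0]  # trailing "+" is iptables' interface wildcard
    if_ok = pkt["out"].startswith(out[:-1]) if out.endswith("+") else pkt["out"] == out
    return if_ok and rule.get("--dports", (str(pkt["dport"]),))[0] == str(pkt["dport"])

def traverse(pkt, rules_text=NAT_RULES):
    """Apply the first matching rule per nat chain; return (packet, fired rule lines)."""
    pkt, fired = dict(pkt), []
    rules = [(l, parse(l)) for l in rules_text.splitlines() if l.startswith("-A")]
    for chain in ("PREROUTING", "POSTROUTING"):
        for line, r in rules:
            if r["-A"][0] != chain or not matches(r, pkt):
                continue
            if r["-j"][0] == "DNAT":
                pkt["dst"], port = r["--to-destination"][0].split(":")
                pkt["dport"] = int(port)
            elif r["-j"][0] == "MASQUERADE":  # source := outgoing interface's address
                pkt["src"] = IFACE_ADDR.get(pkt["out"], pkt["src"])
            elif r["-j"][0] == "SNAT":
                pkt["src"] = r["--to-source"][0]
            fired.append(line)
            break
    return pkt, fired

if __name__ == "__main__":
    print([traverse(CLIENT, r)[0]["src"] for r in (NAT_RULES, NO_PPP_MASQ)])
```

With the rule removed the mail server sees the client address, but its replies then have to leave through the tunnel, which is the routing question the comment raises.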

  • Get rid of the tunneling. Have the mail server use port 2525 on ISP A. dstnat from ISP B port 25 to port 2525 on ISP A. This way you don't need masquerade and ISP A will get the origin IP.
