Email hosed - bet I'm not the only one!

David A. Sinck plug-discuss@lists.plug.phoenix.az.us
Tue, 17 Jun 2003 14:32:49 -0700


\_ SMTP quoth Lynn David Newton on 6/17/2003 13:28 as having spake thusly:
\_
\_  [snip since fixed]
\_
\_   D> or try
\_ 
\_ "Or"? Meaning back out the change above?
\_ 
\_   D> /sbin/iptables -t nat -A OUTPUT -d !127.0.0.1 -p tcp --dport 25 \
\_   D>            -j DNAT --to-destination  smtp.west.cox.net
\_ 
\_ That gives me an error message:
\_ 
\_   iptables v1.2.6a: Bad IP address `smtp.west.cox.net'
\_ 
\_ Going way out on a limb here, I tried this:
\_ 
\_   nslookup smtp.west.cox.net
\_   ... blah blah ...
\_   68.6.18.4

yah.

\_ Then
\_ 
\_   /sbin/iptables -t nat -A OUTPUT -d !127.0.0.1 -p tcp --dport 25 -j DNAT
\_ --to-destination 68.6.19.4
\_ 
\_ which gives me the error:
\_ 
\_   iptables v1.2.6a: host/network `!127.0.0.1' not found

Err... I suspect bad whitespace or command formatting.

! -d 127.0.0.1 

or

-d ! 127.0.0.1  # my vote

\_ "Something with dig and xargs", eh? Well, well. I certainly
\_ know xargs, and am familiar with dig but don't know what to do to use the
\_ output of dig to send it to xargs to send it to something that iptables
\_ might be able to grok. At least not without probably bringing my system off
\_ the net for the next three weeks at the same time.

dig smtp.west.cox.net | dwim-filter.pl | xargs .... iptables ...

I overlooked mentioning that you probably wanted to filter the results
first.  That was left as an exercise for the reader.  :-)


\_ I live
\_ behind a router, and have never had to deal with
\_ iptables.

No time like the present to install another layer of security.  :-)


\_   D> The !127.1 allows for local procmail and fetchmail
\_   D> to work as you might expect.
\_ 
\_ Both of which I use. But what !127.1 are you talking
\_ about? All I see above is !127.0.0.1. Is that an
\_ equivalent syntax? Somehow I've never known that
\_ before.

127.1 is shorthand for 127.0.0.1 and works equivalently many places.


David
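
One way to do the filtering step between dig and iptables discussed above, as an added example that is not part of the original message. The function names and the sample addresses are assumptions made up for illustration; the rule is printed for review rather than executed.

```shell
#!/bin/sh
# Added example: reduce resolver output to IPv4 addresses, then build the
# DNAT rule with the negation written as its own token.

# Read `dig +short`-style output on stdin; print only well-formed IPv4
# addresses (four dot-separated decimal octets, each 0-255).
ipv4_only() {
    awk -F. '
        NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            ok = 1
            for (i = 1; i <= 4; i++) if ($i > 255) ok = 0
            if (ok) print
        }'
}

# Print the rule for one address. A DNAT rule takes a single destination
# here, and only the first matching rule in the chain applies, so the
# first address is used and the rest are ignored.
smtp_dnat_rule() {
    addr=$(ipv4_only | head -n 1)
    [ -n "$addr" ] || { echo "no IPv4 address in input" >&2; return 1; }
    # "! -d ADDR" is the form current iptables releases prefer over "-d ! ADDR".
    printf '/sbin/iptables -t nat -A OUTPUT ! -d 127.0.0.1 -p tcp --dport 25 -j DNAT --to-destination %s\n' "$addr"
}

# Constructed sample of `dig +short` output: a CNAME target, two A records
# from the documentation range, and one malformed entry.
SAMPLE='mail.example.net.
192.0.2.25
192.0.2.26
999.1.1.1'

printf '%s\n' "$SAMPLE" | smtp_dnat_rule
# Live use would be: dig +short smtp.west.cox.net | smtp_dnat_rule
```

Because the address is resolved once when the rule is built, the rule has to be regenerated if the mail server's address changes.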