How to configure dovecot imap to listen on multiple ports?
Gedalya
gedalya at gedalya.net
Mon Aug 25 22:01:39 UTC 2014
On 08/25/2014 05:17 PM, Jochen Bern wrote:
> On -10.01.-28163 20:59, Gedalya wrote:
>> On 08/25/2014 08:26 AM, Jochen Bern wrote:
>>> Assuming Red Hat or similar with no conflicting iptables rules (yet),
>>> # iptables -t nat -A PREROUTING -p tcp --dport 30xxx -j DNAT --to :143
>> Since you're redirecting to a port on the same host, the following is
>> perhaps more correct:
>> iptables -t nat -A PREROUTING -p tcp --dport 30143 -j REDIRECT --to-port 143
> The operational word being "perhaps". My approach will break if the
> server does any forwarding, yours will break if dovecot listens only on
> a secondary IP address, or at least that's what the manpage I grabbed
> off a CentOS 6 says:
That REDIRECT rule can definitely not be used in that exact form if the
machine does forwarding. It will make anyone trying to reach port xxxxx
on any destination arrive at this IMAP server, unless you add a
condition such as -d 192.168.x.x
Indeed, if the machine is also a router and dovecot only listens on a
specific IP address then you would have to use DNAT to specify the
destination IP address and port.
Perhaps the use of the word "correct" was wrong, REDIRECT is just
typically used in such cases where the machine is anyway not a router so
it's kind of a more readable way to say "redirect this traffic from this
machine itself to this machine itself", although REDIRECT is generally
intended to be used on a router to force traffic _not_ destined for this
machine to go to this machine, e.g. setting up a transparent proxy.
So you can say:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.11 --dport 30143 -j REDIRECT --to-port 143
Or:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.11 --dport 30143 -j DNAT --to-destination xx.xx.xx.xx:143
The latter redirects traffic destined to a specific IP address and port,
192.168.1.11:30143, to a specific IP address and port (presumably on the
same host, or not..).
>
>> REDIRECT
>> [...] It redirects the packet to the machine itself by changing the
> ^^^^^^^^^^^^
>> destination IP to the primary address of the incoming interface
> ^^^^^^^^^^^^^^^^^^^^^^#######^^^^^^^^
>> (locally-generated packets are mapped to the 127.0.0.1 address).
> Regards,
> J. Bern
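The REDIRECT-versus-DNAT choice discussed in this thread, written out as an added example that is not part of the original messages: a shell function that prints (never runs) the PREROUTING rule matching a host's situation. The function name, its argument order and the 192.168.1.12 listen address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints the PREROUTING rule that fits the host; it does not
# call iptables. Function name and argument order are illustrative assumptions.
#
# imap_port_rule FORWARDING CLIENT_DST LISTEN_ADDR PRIMARY_ADDR ALT_PORT REAL_PORT
#   FORWARDING    1 if the host routes packets (net.ipv4.ip_forward), else 0
#   CLIENT_DST    address clients connect to, or "" to match any destination
#   LISTEN_ADDR   address dovecot listens on, or "*" for all addresses
#   PRIMARY_ADDR  primary address of the incoming interface
imap_port_rule() {
    forwarding=$1; client_dst=$2; listen_addr=$3; primary_addr=$4
    alt_port=$5; real_port=$6

    # On a router, a rule without -d captures the port for every destination,
    # so forwarded traffic to other hosts would land on this IMAP server.
    if [ "$forwarding" = 1 ] && [ -z "$client_dst" ]; then
        echo "refusing: forwarding host needs a -d match" >&2
        return 1
    fi

    match="-p tcp"
    if [ -n "$client_dst" ]; then
        match="$match -d $client_dst"
    fi
    match="$match --dport $alt_port"

    # REDIRECT rewrites the destination to the primary address of the incoming
    # interface, so it only reaches dovecot if dovecot listens there.
    if [ "$listen_addr" = "*" ] || [ "$listen_addr" = "$primary_addr" ]; then
        target="-j REDIRECT --to-port $real_port"
    else
        # dovecot bound to a secondary address: name it explicitly with DNAT
        target="-j DNAT --to-destination $listen_addr:$real_port"
    fi

    echo "iptables -t nat -A PREROUTING $match $target"
}

# Constructed sample hosts (192.168.1.12 is a made-up secondary address)
imap_port_rule 0 ""           "*"          192.168.1.11 30143 143
imap_port_rule 1 192.168.1.11 192.168.1.12 192.168.1.11 30143 143
```

Review the printed rule before applying it; the forwarding flag can be read from /proc/sys/net/ipv4/ip_forward on the host in question.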