25 Aug
2014
25 Aug
'14
12:38 p.m.
On 08/25/2014 08:26 AM, Jochen Bern wrote:
Well, if offering the*exact same* functionality on a second port is all that needs to be done, having the server's host firewall (iptables?) duplicate the NAT on your border firewall for internal accesses should do just fine; no need to majick it into the dovecot config (which opens the possibility of functional differences being introduced unintentionally).
Assuming Red Hat or similar with no conflicting iptables rules (yet),
iptables -t nat -A PREROUTING -p tcp --dport 30xxx -j DNAT --to :143
iptables -t nat -A PREROUTING -p tcp --dport 30yyy -j DNAT --to :993
service iptables save
Regards, Since you're redirecting to a port on the same host, the following is perhaps more correct:
iptables -t nat -A PREROUTING -p tcp --dport 30143 -j REDIRECT --to-port 143