
Re: firewall rules for NAT



On 01/07/2017 at 03:25, Igor Cicimov wrote:

> You know what, I just checked the iptables rules the OP sent again and
> realized this:
>
> -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100
>
> is NOT how you would do SNAT with DNAT, you normally would need:
>
> -A POSTROUTING -s 10.7.33.109/32 -p tcp -m tcp -j SNAT --to-source 10.7.33.100

These two rules do not have the same purpose at all.

The OP's rule applies to incoming SMTP connections forwarded to the server, in order to work around the routing flaw (wrong gateway).

Your rule applies to outgoing connections from the server, so 1) is useless for incoming connections and 2) would be ignored in the original setup because the server did not use the router as its default gateway.

PS. Igor, the plain text version of your posts does not properly mark the quoted text from the message you reply to: it appears as if it was your text, without any quotation marks.
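
The difference between the two rules, as an added example that is not part of the original message: a small Python model of which packets each POSTROUTING rule matches and where the server then sends its reply. Assumptions: 10.7.33.100 is the NAT router's LAN address, the LAN is a /24, and the client and the server's other default gateway are constructed addresses.

```python
import ipaddress
from dataclasses import dataclass, replace

# Addresses from the quoted rules; everything else is an assumption for the demo.
SERVER = "10.7.33.109"        # DNAT target (the SMTP server)
ROUTER_LAN = "10.7.33.100"    # --to-source address, assumed to be the router's LAN IP
LAN = ipaddress.ip_network("10.7.33.0/24")   # assumed prefix length
OTHER_GW = "10.7.33.1"        # constructed: the server's actual default gateway
CLIENT = "198.51.100.7"       # constructed external client (TEST-NET-2)

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int

def op_rule(p):
    """-d 10.7.33.109/32 -p tcp --dport 25 -j SNAT --to-source 10.7.33.100"""
    return p.dst == SERVER and p.dport == 25

def igor_rule(p):
    """-s 10.7.33.109/32 -p tcp -j SNAT --to-source 10.7.33.100"""
    return p.src == SERVER

def postrouting(p, rule):
    """Apply one SNAT rule to the first packet of a connection."""
    return replace(p, src=ROUTER_LAN) if rule(p) else p

def reply_next_hop(forwarded):
    """The server answers on-link hosts directly, everyone else via its default gateway."""
    reply_dst = forwarded.src
    return reply_dst if ipaddress.ip_address(reply_dst) in LAN else OTHER_GW

def inbound_smtp_works(rule):
    """True if the reply returns through the NAT router, so the DNAT can be reversed."""
    after_dnat = Pkt(CLIENT, SERVER, 40000, 25)   # packet as seen after PREROUTING DNAT
    return reply_next_hop(postrouting(after_dnat, rule)) == ROUTER_LAN

if __name__ == "__main__":
    print("OP rule, inbound SMTP reply via router:  ", inbound_smtp_works(op_rule))
    print("Igor rule, inbound SMTP reply via router:", inbound_smtp_works(igor_rule))
    outgoing = Pkt(SERVER, CLIENT, 40001, 25)     # connection started by the server
    print("Igor rule matches server-originated traffic:", igor_rule(outgoing))
```
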

