F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
Client settings
Set the mail server to 192.168.2.1.
Make sure that the client can send and receive mail.
10.3.4 Changing IP Addresses with iptables
[Figure: F-Secure Internet Gatekeeper server (192.168.1.1, 192.168.2.1) with the interfaces Eth0 and
Eth1 (192.168.2.1). SMTP server on port 25 (besides eth1), POP server on port 110, Mail box;
FSIGK(SMTP) on port 9025, FSIGK(POP) on port 9110. iptables: 192.168.2.1:25 => 192.168.2.1:9025 and
192.168.2.1:110 => 192.168.2.1:9110. Other labels: LAN (192.168.2.xxx), Internet.]
If F-Secure Internet Gatekeeper for Linux and a mail server use different interfaces, the product and
the mail server can run on the same computer with the same port numbers. Access to the default ports
(25, 110) on a specific interface can be redirected to Anti-Virus (9025, 9110) with the NAT settings
in iptables.
The following example uses two interfaces, eth0 (192.168.1.1) and eth1 (192.168.2.1). Access from eth1
ports 25 and 110 is changed to ports 9025 and 9110. The eth1 interface is used for Internet
Gatekeeper, and the eth0 interface (and localhost) is used for the mail server access.
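The redirect described above can be expressed as two DNAT rules in the PREROUTING chain of the nat table. The script below is an added example, not taken from the F-Secure guide: it uses the addresses and ports from this page, while the function names (valid_port, rule_specs, apply_rules) and the "apply" argument are the example's own.

```shell
#!/bin/sh
# Added example, not from the F-Secure guide. Addresses and ports are the
# page's: eth1 = 192.168.2.1, 25 -> 9025 (SMTP), 110 -> 9110 (POP).
LISTEN_IF="${LISTEN_IF:-eth1}"
LISTEN_IP="${LISTEN_IP:-192.168.2.1}"
PORT_MAP="${PORT_MAP:-25:9025 110:9110}"   # "public:proxy" pairs

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one rule specification per mapping (everything after -A / -C).
# Matching on "-i $LISTEN_IF -d $LISTEN_IP" leaves traffic arriving on
# other interfaces alone, so the mail server stays reachable there.
rule_specs() {
    for pair in $PORT_MAP; do
        from=${pair%%:*}
        to=${pair#*:}
        if ! valid_port "$from" || ! valid_port "$to" || [ "$from" = "$to" ]; then
            echo "invalid port mapping: $pair" >&2
            return 1
        fi
        echo "PREROUTING -i $LISTEN_IF -d $LISTEN_IP -p tcp --dport $from -j DNAT --to-destination $LISTEN_IP:$to"
    done
}

# Add each rule unless an identical one is already present (-C checks).
# Needs root; word splitting of $spec is intended.
apply_rules() {
    specs=$(rule_specs) || return 1
    echo "$specs" | while read -r spec; do
        iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec
    done
}

# "apply" changes the nat table; anything else only prints the commands.
case "${1:-print}" in
    apply) apply_rules ;;
    *)     rule_specs | sed 's/^/iptables -t nat -A /' ;;
esac
```

Run without arguments, the script only prints the commands for review. Locally generated connections do not traverse PREROUTING and the rules match only eth1, so access through eth0 and localhost still reaches the mail server directly on ports 25 and 110.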
If you have only one physical interface, you can generate a virtual interface with the IP Alias function.
For example, the following command generates the virtual interface “eth0:1 (192.168.1.2)”:
# ifconfig eth0:1 192.168.1.2 netmask 255.255.255.0
Copy /etc/sysconfig/network-scripts/ifcfg-eth0 to ifcfg-eth0:1 and change the DEVICE line in the copy
to DEVICE="eth0:1". Set the IPADDR, NETMASK, NETWORK, and BROADCAST variables in the file.