iptables woes

[sykotic1]

Ugh what a night / early morning / day. Jaguar's tech people have more knowledge than I experienced in the past but I'm not closer to a solution this time.

PLEASE tell me why this will not work as a valid iptables *nat ?: -A PREROUTING -p tcp -m tcp --dport 587 -j REDIRECT --to-ports 25

ipt_REDIRECT can be virtualized right? openvz ?? I've already suggested that and am awaiting a response (or a laugh). But what else would you recommend your clients do to access mail from servers with a block on port 25? Nobody wants to run a second qmail pID. I need a lightweight solution. I was almost positive that by now REDIRECT was supported. I've tried the following with no luck, would only work for local mail accounts, but perhaps someone could shed some light on a better way to port forward : -A PREROUTING -p tcp --dport 587 -j DNAT --to-destination xx.xx.xxx.xx:25


... and if that first rule should work then someone please tell me, or give me some starting point for how to get it working. I am wanting to now go semi dedicated. This is turning into a nightmare. Is there no way to use iptables to port forward? And that first command REALLY will never work for a basic, default VE ?? Booooo

[sykotic1]

I wish I could do the Dr. Cox laugh-talk on this one :


Well wouldn't ya know that after arguing with the rep for the better part of my day now ipt_REDIRECT is enabled on the hw node and I'm back in business with the command that I already knew should be working just fine..... yyeeaaaaaah, just an fyi Jaguar, many hosts are now enabling a whole plethora of modules for their VPS clients by default.... do you even know what a plethora means ??? kidding now, but not really... grrr...

[sykotic1]

...and just to vindicate my rep, they did work with me all day to get this resolved. Very happy about that. It was funny because I did read about the ipt_REDIRECT as being unsupported for a VE before this year or so ? And also I had to learn a bit about how a VPS works with modules (used to more semi-dedicated / dedicated environments with a bit more freedom) but in the end they helped me get back up and running by module configuration on their end and here all is well.

[Ron]

Hey, you almost sound sykotic.

Glad you got things worked out.

[sykotic1]

Well I'm sure it had nothing to do with the 6+ hours I spent shooting tickets back and forth... but seriously I don't mean to be rude or ramble the rep was very level headed and calculating which I thought was nice but whether I had a misunderstanding of the nature of my hosting or not my original request to get ipt_REDIRECT module loaded still took a while. After researching things like this and finding out that such basic actions need to taken to fix the problem anyone with any experience starts feeling helpless at not being in control right? I also had some misunderstandings about what my Power Panel could do in regards to controlling allocated VPS resources. I feel bad because if anything my lack of knowledge confused this person into having to explain some things to me all the while they are in the drivers seat for loading it up and getting me back in business.

I suppose that assuming a host will have such things prepped on a given node might be, well, a little presumptuous. And I know that they get busy with jerks like me hassling them for such minor things but since I've managed a few dedicated machines myself I've gotten used to quick solutions and more personal collaboration for problems which I don't at all mind paying for if need be (really wish Jaguar had a service package that gave clients a phone in to a tech). On the bright side this is probably one of the few times I will need to request such modifications. I’d love to know about other possible necessities for admin intervention but probably aside from kernel or PCI compliance issues there are not too many. I have not worked with a non-dedicated box in a while so I am a bit spoiled I admit. And Jaguar has always treated me right in the end, that's why I'm still with them