There are cases, however, in which even the configuration change described above cannot be made. A server may be hard-wired at the source code level to listen on a specific port, as many closed-source applications are, and it may not be desirable to run the wrapper at the firewall. Not all is lost, though. Using local firewalling rules, present in almost any Unix system, the server can be instructed to forward all incoming requests on the server's port to the wrapper's port, allowing only local connections (local here meaning originating on the same machine, not just on the same network).
Advantages
Server's /etc/rc.local includes:
    /sbin/ipchains -A input -d 192.168.0.1/32 --proto tcp --destination-port 25 -j REDIRECT 10025
    /usr/local/bin/smtpwrap &
Firewall's /usr/local/bin/smtpwrap:
    #!/usr/bin/perl
    use ProtoWrap::SMTP;
    use strict;

    my ($wrap);
    # Listen on the port the firewalling rule redirects to, and pass
    # accepted traffic to the real server on the loopback address.
    $wrap = ProtoWrap::SMTP->new('standalone' => 1,
                                 'listenPort' => 10025,
                                 'destType' => 'ip',
                                 'destAddr' => '127.0.0.1',
                                 'logLevel' => 3,
                                 'maxMsgSize' => 3000000,
                                 'relayDomainList' => ['mydomain.com'],
                                 'maxRcpt' => 10,
                                 'setUidTo' => 32767
                                 );
    die 'Can\'t start SMTP wrapper' if (not defined $wrap);
    $wrap->startServer() or warn 'Can\'t start wrapper for '.$wrap->getProp();
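An added check, not part of the original page or of ProtoWrap: the rc.local rule above redirects only connections addressed to 192.168.0.1, so if the hard-wired server binds to every address of the host, any further address still reaches it without passing through the wrapper. The function below reads rule lines in the page's ipchains syntax and prints the non-loopback host addresses that no REDIRECT rule covers; `unredirected_addrs`, the second address 10.0.0.5 and the address list are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit that every non-loopback address of the host has an
# ipchains REDIRECT rule sending the server port to the wrapper port.

# unredirected_addrs SERVER_PORT WRAPPER_PORT RULES ADDRS
#   RULES: ipchains command lines, one per line (syntax as used on the page)
#   ADDRS: space-separated IPv4 addresses configured on the host
# Prints, one per line, each address that no matching rule covers.
unredirected_addrs() {
    server_port=$1 wrapper_port=$2 rules=$3 addrs=$4
    covered=$(printf '%s\n' "$rules" | awk -v sp="$server_port" -v wp="$wrapper_port" '
        /-A input/ {
            dst = ""; proto = ""; dport = ""; target = ""; to = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                else if ($i == "--proto") proto = $(i + 1)
                else if ($i == "--destination-port") dport = $(i + 1)
                else if ($i == "-j") { target = $(i + 1); to = $(i + 2) }
            }
            # Assumption of this example: only rules naming one exact host
            # (a /32 destination) are counted as coverage.
            sub(/\/32$/, "", dst)
            if (dst != "" && proto == "tcp" && dport == sp &&
                target == "REDIRECT" && to == wp)
                print dst
        }')
    for a in $addrs; do
        # Loopback stays unredirected on purpose: the wrapper uses it
        # to reach the real server.
        case $a in 127.*) continue ;; esac
        printf '%s\n' "$covered" | grep -qxF "$a" || printf '%s\n' "$a"
    done
}

# Constructed sample: the rule from rc.local, on a host that also has a
# second (hypothetical) address.
RULES='/sbin/ipchains -A input -d 192.168.0.1/32 --proto tcp --destination-port 25 -j REDIRECT 10025'
ADDRS='127.0.0.1 192.168.0.1 10.0.0.5'

unredirected_addrs 25 10025 "$RULES" "$ADDRS"
```

An empty result means every listed non-loopback address is redirected to the wrapper port; on a real host, feed the function the actual rule lines and the host's configured addresses.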