Assuming that eth0 (interface 0) is connected to the Internet and has the IP address 192.168.1.254.
Assuming that eth1 (interface 1) is connected to the LAN and has the IP address 192.168.1.1.
*** The following two rulesets are for outgoing SMTP requests ***
Iptables rules for eth0 SMTP outgoing client request to Internet
Code:
iptables -A OUTPUT -p tcp -s 192.168.1.254 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 25 -d 192.168.1.254 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
eth1 SMTP forwarded outgoing client request from LAN using POSTROUTING table
Code:
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/24 --sport 1024:65535 -d 0/0 --dport 25 -j SNAT --to 192.168.1.254
# Packets routed through this host for LAN clients traverse the FORWARD chain, not INPUT/OUTPUT
iptables -A FORWARD -p tcp -s 192.168.1.0/24 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 --sport 25 -d 192.168.1.0/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
*** The following two rulesets are for incoming SMTP requests ***
eth0 SMTP incoming client request from Internet
Code:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.254 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.254 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
eth1 SMTP incoming client request from LAN
Code:
iptables -A INPUT -p tcp -s 192.168.1.0/24 --sport 1024:65535 -d 192.168.1.1 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.1 --sport 25 -d 192.168.1.0/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Adjust the IP and subnet as per your setup.
Hope this helps!
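
Each ruleset above is a pair: one rule admits NEW connections to port 25 and a mirrored rule admits the ESTABLISHED replies from source port 25. The following is an added example, not part of the original post, that audits `iptables-save` output for request rules whose reply rule is missing; the function names and the sample dump are constructed for illustration.

```shell
# Added example (not from the original post). For every filter rule that admits
# NEW connections to TCP port 25, confirm the reply-path rule exists: opposite
# chain, source and destination swapped, --sport 25, state ESTABLISHED.
# Reads iptables-save text on stdin; returns 1 if any reply rule is missing.
check_smtp_pairs() {
    awk '
    function opt(name,   i) {          # value following an option, or "any"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return "any"
    }
    function reply_chain(c) {          # INPUT <-> OUTPUT; FORWARD carries both
        return c == "INPUT" ? "OUTPUT" : (c == "OUTPUT" ? "INPUT" : c)
    }
    $1 != "-A" { next }                # skip table headers, policies, COMMIT
    {
        src = opt("-s"); dst = opt("-d")
        st = opt("--state"); if (st == "any") st = opt("--ctstate")
    }
    opt("--dport") == "25" && st ~ /NEW/ {
        need[++n] = reply_chain($2) SUBSEP dst SUBSEP src; rule[n] = $0
    }
    opt("--sport") == "25" && st ~ /ESTABLISHED/ {
        have[$2 SUBSEP src SUBSEP dst] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            verdict = "OK"
            if (!(need[i] in have)) { verdict = "MISSING-REPLY"; missing++ }
            print verdict ": " rule[i]
        }
        exit (missing > 0)
    }'
}

# Constructed sample dump: the LAN-side request rule has no reply rule.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -d 192.168.1.254/32 -p tcp -m tcp --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.1.254/32 -p tcp -m tcp --sport 25 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_dump | check_smtp_pairs || echo "incomplete SMTP rule pairs found"
```

On a live host, pipe the real ruleset in with `iptables-save | check_smtp_pairs`; the pairing only matters when the chain policy is DROP, since an ACCEPT policy lets the replies through regardless.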