
How To: forwarding ports to another server

As I decided to move all the domains I am currently hosting, I needed to find a way to keep the downtime of my mail server as low as possible. This is not that hard to achieve if you are using POP3 accounts only:

Just run the mail server on both hosts, the old and the new one, and read the incoming mail from both hosts. As a new DNS entry may need some days to reach every DNS server on the internet, just keep polling the mail from the old server for about five days and everything should work fine.

It gets more complicated if you are using IMAP accounts on your mail server. As you most likely do not want to lose any mail, you will need to keep both systems in sync using the trick above, which is not that easy to achieve. I also had the problem that not all domains could be transferred at the same time, as my domains are hosted on different DNS servers. So I looked for another way to keep my maildirs in sync.

The idea I had was just to forward any mail traffic from the old host to the new host, which means forwarding all SMTP, POP3S and IMAPS traffic to another machine on the internet. Note that you cannot achieve this using NAT, as you do not have a private network between the old and the new server unless you use a VPN connection between them, which would cause your new server to pass all its traffic over the old server. That would cause all your services to stop working after your DNS entries have been changed. What you need instead is a service that listens for connections on a port on your old system and forwards all TCP traffic arriving on this port to your new host.

Thankfully I was not the only person with this idea, so I found a tool called rinetd that does exactly this. It listens for new connections on a specified port and forwards all incoming traffic on this port to a specified port on another host. And best of all: the configuration is very straightforward and can be done within a few minutes.

On a Debian-based system you can easily install the tool using:

apt-get install rinetd

The configuration file of the service can be found at /etc/rinetd.conf. To add a new forwarding entry, just add a line using the following syntax:

0.0.0.0 123 11.22.33.44 456

The first IP address, 0.0.0.0, says that rinetd will listen on all IP addresses of the system. The 123 is the port the service listens on at the source host, 11.22.33.44 is the destination IP of the host running the service and 456 is the number of the destination port. A configuration file forwarding http, https, imap, imaps, pop, pops and smtp requests would look like this:

0.0.0.0         25        11.22.33.44   25
0.0.0.0         80        11.22.33.44   80
0.0.0.0         443       11.22.33.44   443
0.0.0.0         143       11.22.33.44   143
0.0.0.0         993       11.22.33.44   993
0.0.0.0         110       11.22.33.44   110
0.0.0.0         995       11.22.33.44   995

The configuration will forward all requests on the old host to the new one. In the case of the SSL-based protocols, you need to make sure that the certificate on the new host matches the DNS entry.
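
A small lint for the configuration above, as an added example that is not part of the original article or of rinetd itself: it parses the forwarding rules, lists the forwarded ports whose sessions start unencrypted on the link between the two hosts, repeats the certificate check for the SSL ports, and notes when rinetd's logfile directive is missing (the new host only ever sees the old host's IP as the client). The function names and the finding labels are assumptions made for this example, and the parser accepts numeric ports only.

```python
import ipaddress

# Ports from the article's table, grouped by whether the session starts in cleartext.
CLEARTEXT = {25: "smtp", 80: "http", 110: "pop3", 143: "imap"}
TLS = {443: "https", 993: "imaps", 995: "pop3s"}
DIRECTIVES = {"allow", "deny", "logfile", "logcommon"}  # non-forwarding keywords

# The article's configuration (11.22.33.44 is its placeholder for the new host).
SAMPLE = "".join(f"0.0.0.0 {p} 11.22.33.44 {p}\n" for p in (25, 80, 443, 143, 993, 110, 995))

def parse_rinetd(text):
    """Return (rules, directives); a rule is (bind_addr, bind_port, dst, dst_port)."""
    rules, directives = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0] in DIRECTIVES:
            directives.append(fields)
            continue
        if len(fields) != 4 or not (fields[1].isdigit() and fields[3].isdigit()):
            raise ValueError(f"line {lineno}: expected 'bindaddr port dstaddr port'")
        ports = int(fields[1]), int(fields[3])
        if not all(0 < p < 65536 for p in ports):
            raise ValueError(f"line {lineno}: port out of range")
        rules.append((fields[0], ports[0], fields[2], ports[1]))
    return rules, directives

def is_public(addr):
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:                    # hostname: assumed to resolve publicly
        return True

def lint(text):
    """Return findings as (listen_port, kind, message) tuples."""
    rules, directives = parse_rinetd(text)
    findings = []
    for _bind, port, dst, dport in rules:
        if dport in CLEARTEXT and is_public(dst):
            findings.append((port, "cleartext", f"{CLEARTEXT[dport]} to {dst} starts unencrypted on the inter-host link"))
        elif dport in TLS:
            findings.append((port, "tls-name", f"certificate on {dst} must match the DNS name clients use"))
    if not any(d[0] == "logfile" for d in directives):
        findings.append((0, "no-logfile", "new host sees only the old host's IP; set rinetd's logfile"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```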