I have a mail server Guest with a host-only network (192.168.233.128), and I am forwarding SMTP and POP3 traffic from the Host to the Guest with the following iptables DNAT rules:
# SMTP: port 25 on the Host's external address -> port 25 on the Guest
iptables -t nat -A PREROUTING -d "$HOST_EXTERNAL_IP" -p tcp --dport 25 -j DNAT --to-destination 192.168.233.128:25
# Alternate SMTP port 2525 on the Host -> port 25 on the Guest
iptables -t nat -A PREROUTING -d "$HOST_EXTERNAL_IP" -p tcp --dport 2525 -j DNAT --to-destination 192.168.233.128:25
# POP3: port 110 on the Host -> port 110 on the Guest
iptables -t nat -A PREROUTING -d "$HOST_EXTERNAL_IP" -p tcp --dport 110 -j DNAT --to-destination 192.168.233.128:110
This forwards correctly (i.e. all traffic on those 3 ports is redirected to the mail server), but the logs of the mail server say that all the connections are coming from 192.168.233.1 (i.e. the Host's IP for the host-only network). Apart from being annoying because I don't know what IP the mail is actually coming from, the server is rejecting some mail from domains with SPF entries, which is a big problem.
Does anyone know how I can set up the forward so that my Guest will log the original source IP address (i.e. the server sending the mail) instead of the Host's IP address?
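The PREROUTING DNAT rules quoted in the question rewrite only the destination address of a packet; the client's source address passes through unchanged. What replaces the source with the Host's own address is a source-rewriting rule in the nat POSTROUTING chain (a SNAT or MASQUERADE target) that matches traffic on its way to the Guest, so the first check is whether such a rule exists. The following is an added example, not code from the original post or from the asker: it scans a dump in the format of `iptables -t nat -S` for those rules. The dump is constructed; 203.0.113.10 stands in for `$HOST_EXTERNAL_IP` and `vmnet1` is a hypothetical host-only interface name, neither of which appears in the question.

```sh
#!/bin/sh
# Added example (not part of the original question). Scans a nat-table dump
# in `iptables -t nat -S` format for POSTROUTING rules that rewrite the
# source address. PREROUTING DNAT only changes the destination; a POSTROUTING
# SNAT/MASQUERADE rule covering the path to the guest is what makes every
# connection appear to come from the host's address on the host-only network.
#
# Assumptions (not stated in the question): 203.0.113.10 stands in for
# $HOST_EXTERNAL_IP, and vmnet1 is a hypothetical host-only interface name.

# Constructed sample dump. On a real host replace it with: iptables -t nat -S
SAMPLE_NAT_RULES='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.233.128:25
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 2525 -j DNAT --to-destination 192.168.233.128:25
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.233.128:110
-A POSTROUTING -o vmnet1 -j MASQUERADE'

# Print every nat POSTROUTING rule whose target is SNAT or MASQUERADE.
# Each one rewrites the source of the packets it matches, so any of them
# that covers the guest (via -o, -d/-s, or no qualifier at all) explains
# why the mail server logs the host's address.
# Argument: the rule dump as a single string, one rule per line.
find_source_rewrites() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        case $rule in
            "-A POSTROUTING "*) ;;
            *) continue ;;
        esac
        case $rule in
            *" -j SNAT"*|*" -j MASQUERADE"*) printf '%s\n' "$rule" ;;
        esac
    done
}

# Number of such rules. 0 means netfilter on the host is not the thing
# hiding the client address, so the rewrite happens elsewhere in the path.
count_source_rewrites() {
    find_source_rewrites "$1" | awk 'END { print NR }'
}

# Stand-alone run: show the offending rule(s) in the sample dump.
echo "POSTROUTING rules that rewrite the source address:"
find_source_rewrites "$SAMPLE_NAT_RULES"
echo "count: $(count_source_rewrites "$SAMPLE_NAT_RULES")"
```

Run it against the real dump with `iptables -t nat -S`; a rule such as the sample's `-A POSTROUTING -o vmnet1 -j MASQUERADE` is too broad for this setup, because it also rewrites the forwarded SMTP and POP3 connections, not just traffic the Host originates itself.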