Can anybody please advise / help me? Every now and then we get a virus and then we get spam blocked.
We have two domain / mail controllers on our network.
Is there a way that one can prevent virus software from sending spam via an IP?
The way we operate is that we have the following add:
We have two routers (RB1xxx) connecting via fiber cables (1G) ports to the internet.
Each router is configured as a train (A & B main / backup).
The routers are connected via a single ip (local) 41.168.6.130/32 remote 41.168.6.129
That is on ethernet port 1
We also have a 41.168.6.68/25 on ethernet 1
The email servers are 41.168.6.65 and 41.168.6.70
Currently the masquerade is set to masquerade only 10.0.0.0/8 (coming from ethernet 2).
Somehow the IP 41.168.6.130 gets blacklisted, which means that the data gets masqueraded to IP 41.168.6.130 and not as IP 41.168.6.68.
6 chain=srcnat action=masquerade src-address=10.0.0.0/8 src-address-list=!41.168.6.65 out-interface=ether1
Is there any way I can configure the router to only masquerade data from ethernet 2 to ethernet 1 as ip 41.168.6.68 and not to 41.168.6.130?
Don’t use masquerade. Change the action of that rule to src-nat and manually specify your to-address. “masquerade” is the same as src-nat but automagically picks the to-address, which in your case is the wrong address. Once you manually pick it you have full control over what traffic gets NATed to.
Search the wiki and forums for approaches to preventing machines from sending out mass email. It’s a fairly complex problem and has been covered elsewhere already.
0 10.0.0.1/24 10.0.0.0 10.0.0.255 ether2
1 ;;; Sheratin Linen
10.0.1.254/24 10.0.1.0 10.0.1.255 ether3
2 ;;; Bargain Books
192.168.0.1/24 192.168.0.0 192.168.0.255 ether4
3 X 192.168.2.1/24 192.168.2.0 192.168.2.255 ether7
4 ;;; vlan neo-GIDC-2047 as per neotel WDDC1-WDDC1-BWELTTR1
41.168.6.130/32 41.168.6.129 41.168.6.129 ether1
5 10.99.0.1/24 10.99.0.0 10.99.0.255 ether9
6 41.168.6.68/26 41.168.6.64 41.168.6.127 ether1
7 X ;;; HACKER
58.165.177.235/32 58.165.177.235 58.165.177.235 ether1
8 X ;;; HACKER
71.89.70.130/32 71.89.70.130 71.89.70.130 ether1
9 X ;;; HACKER
207.172.52.177/32 207.172.52.177 207.172.52.177 ether1
10 X ;;; HACKER
94.65.88.154/32 94.65.88.154 94.65.88.154 ether1
11 X ;;; HACKER
114.69.128.225/32 114.69.128.225 114.69.128.225 ether1
12 X ;;; HACKER
196.33.166.210/32 196.33.166.210 196.33.166.210 ether1
13 X ;;; Hacker?
155.232.240.19/32 155.232.240.19 155.232.240.19 ether1
14 X ;;; Hacker?
196.33.166.208/32 196.33.166.208 196.33.166.208 ether10
15 X 192.168.99.254/24 192.168.99.0 192.168.99.255 ether13
16 X ;;; HACKER
201.21.35.2/32 201.21.35.2 201.21.35.2 ether1
Routes ip routes:
DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; ROute to Internet
0.0.0.0/0 41.168.6.129 1
1 X S ;;; ROute to Internet
0.0.0.0/0 10.0.0.3 1
2 A S ;;; Route to Wireless Network
10.0.0.0/8 10.0.0.2 1
3 ADC 10.0.0.0/24 10.0.0.1 ether2 0
4 ADC 10.0.1.0/24 10.0.1.254 ether3 0
5 X S ;;; Tx Route to Mkb
10.2.0.0/16 10.0.0.4 1
6 A S ;;; Helderberg via Boskloof
10.4.1.0/24 10.0.0.4 1
7 A S 10.4.11.0/24 10.0.0.4 1
8 A S ;;; Via Boskloof
10.4.12.0/24 10.0.0.4 1
9 A S 10.4.16.0/24 10.0.0.4 1
10 A S 10.4.17.0/24 10.0.0.4 1
11 X S 10.6.0.128/32 41.168.6.66 1
12 A S ;;; Hermanus
10.12.0.0/16 10.12.1.1 1
13 ADC 10.12.1.1/32 10.0.0.1 0
14 ADC 10.99.0.0/24 10.99.0.1 ether9 0
15 ADC 41.168.6.64/26 41.168.6.68 ether1 0
16 X S ;;; New Mail server
41.168.6.69/32 10.0.0.2 1
17 A S ;;; Radius server
41.168.6.71/32 10.0.0.2 1
18 A S ;;; Main VOIP
41.168.6.72/32 10.0.0.2 1
19 X S ;;; Test ip
41.168.6.75/32 10.0.0.2 1
20 X S ;;; J Steyn
41.168.6.77/32 10.0.0.2 1
21 A S 41.168.6.78/32 10.0.1.1 1
I am also in doubt, because that is quite a mess and hard to read.
Change your NAT rules that have an action of “masquerade” (which should only be used with interfaces that receive their IP via DHCP or a PPP process) to have an action of “src-nat”, manually specifying the IP address the router should use to replace the source address with via the “to-address” parameter.
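The change both replies describe, written out as RouterOS commands. This is an added example, not part of the original thread: the addresses and ether1 come from the posts above, while the port-25 filter, the list name "mail-servers" and the log prefix are assumptions made for illustration.

```routeros
# Added example, not from the thread. Addresses and ether1 are taken from
# the posts above; "mail-servers" and "smtp-out-blocked" are made-up names.

# 1. Turn the masquerade rule from the question into src-nat with a fixed
#    source address, so traffic from 10.0.0.0/8 leaves as 41.168.6.68
#    instead of whichever ether1 address the router picks.
/ip firewall nat
set [find chain=srcnat action=masquerade src-address=10.0.0.0/8] \
    action=src-nat to-addresses=41.168.6.68

# Equivalent rule if it is added fresh instead of edited in place:
# add chain=srcnat action=src-nat to-addresses=41.168.6.68 \
#     src-address=10.0.0.0/8 out-interface=ether1

# 2. Assumption: internal hosts only ever hand mail to the two site mail
#    servers. Any other TCP/25 connection leaving ether1 is logged, then
#    dropped. Rules are appended, so check that no earlier forward rule
#    already accepts this traffic.
/ip firewall address-list
add list=mail-servers address=41.168.6.65
add list=mail-servers address=41.168.6.70

/ip firewall filter
add chain=forward protocol=tcp dst-port=25 out-interface=ether1 \
    dst-address-list=mail-servers action=accept
add chain=forward protocol=tcp dst-port=25 out-interface=ether1 \
    action=log log-prefix="smtp-out-blocked"
add chain=forward protocol=tcp dst-port=25 out-interface=ether1 \
    action=drop

# 3. Review the resulting rules and their order.
/ip firewall nat print
/ip firewall filter print
```

The source addresses in the "smtp-out-blocked" log entries point to the internal machines that are trying to send mail directly.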
I don't know why it came out the way it did; this is all I have. Two masquerade rules.
The two rules are:
This is input from ethernet port 4
add action=masquerade chain=srcnat comment="" disabled=no src-address=192.168.0.0/24
This is from ethernet port 2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether1 src-address=10.0.0.0/8 src-address-list=!41.168.6.65
Both leaving via ethernet 1
These are the addresses:
Flags: X - disabled, I - invalid, D - dynamic