Forward incoming smtp traffic to a diffferent internal ip

mhobart2 · June 12, 2012, 11:58am

Hi,

We currently do a “Full NAT” translation from an external public IP 0.0.0.0 to our internal mail server’s IP 1.1.1.1

We are adding a SMTP proxy filter so all incoming smtp mail will need to be forwarded to the Proxy’s internal IP 2.2.2.2

Is there a way I can keep the first translation of 0.0.0.0 to 1.1.1.1 (for users to connect their email clients when they’re on the public side) and create a rule to forward all incoming smtp traffic from 0.0.0.0 to the new proxy at 2.2.2.2?

I’m running routerOS 5.16.

Any help would be greatly appreciated! Thanks!

Caci99 · June 12, 2012, 5:27pm

/ip firewall nat
add chain=dstnat dst-address=0.0.0.0 protocol=tcp dst-port=25 action=dst-nat to-addresses=2.2.2.2 to-ports=25

mhobart2 · June 13, 2012, 12:38pm

Thanks for the quick reply!

So as long as I list this rule before/above the “full NAT” rule, all smtp traffic from 0.0.0.0 will be forwarded to 2.2.2.2 first…, but the users on the outside should still be able to access their email clients using the 0.0.0.0 to 1.1.1.1 full NAT rule?

Caci99 · June 13, 2012, 1:14pm

Yes, that should do it, but you better post your nat rules to have a clear picture (/ip firewall nat print).

I think you mean that customers should be able to reach the mail server using their email clients software.

mhobart2 · June 13, 2012, 1:48pm

/ ip firewall nat print
0 ;;; SMTP Mail forward rule
chain=dstnat action=dst-nat to-addresses=2.2.2.2 to-ports=25
protocol=tcp dst-address=0.0.0.0 dst-port=25

1 ;;; Mail
chain=dstnat action=dst-nat to-addresses=1.1.1.1
dst-address=0.0.0.0

2 ;;; Mail
chain=srcnat action=src-nat to-addresses=0.0.0.0
src-address=1.1.1.1

Yes you’re correct! I meant “the customers should be able to reach the mail server using their email clients software”