I am running a mail server behind NAT. The public interface has a range of IP addresses. All outgoing traffic originates from the highest IP address of the public interface, but I need to force the outgoing SMTP traffic to a certain IP address from the public range, different from the highest IP address.
I have tried source NAT from the local IP address of the mail server to the exact public IP address present on the public interface, but my mail traffic still appears as coming from the highest IP address of the public interface.
Replace wan port with your public interface, src-address with your local IP, and to-addresses with the public IP which your SMTP traffic will get when it goes outside to the internet.
This is exactly what I have tried - but for some reason it did not work. I am pinging a public address from my mail server, and pings still arrive from the highest address of my WAN interface.
I’ve tried to put that rule before and after the general NAT rule, and have even tried to disable the main NAT for a test - but no luck.
How does WAN interface choose the public address from which it would transmit traffic?
I am pretty sure that it used to be the lowest available IP address (or was it on Microsoft?).
Could I influence that in any way? Could it change with fw updates in the future?
Router is 1100AH. I am bridging interfaces 1 and 6 to cover both switching groups, but only Ether1 is currently connected to ISP’s router. Ether6 is disconnected.
Switching group 1 covers local 192.168.152.0/24 subnet, and switching group 2 covers 192.168.40.0/24.
Is that a problem?
I have assigned all available public IP addresses to bridge1.
The original post says the servers are behind NAT. That seems inconsistent with bridging the ISP connection across both switching groups. What are you trying to achieve?
Unless there is a good unstated reason for bridging the ISP / WAN port I suggest using an unbridged port as the WAN connection and move your IP assignments and NAT rules to reflect that port.
Well … it’s a long story, but I don’t think it should be a problem, and frankly I don’t see how it would be inconsistent with servers being behind NAT. Bridge1 is NAT-ed.
So, I have solved my immediate problem in a totally weird way which raises even more questions:
I have noticed that the address from which all traffic is transmitted is listed first in /ip address print. So I have deleted that address and then created it again.
Now all my traffic comes from a different address - luckily exactly the one I needed for my SMTP traffic, but NOT the address which was next on the list before I removed the aforementioned address.
This leaves the question: How does RouterOS decide which address it will use out of several defined on the interface?
During this process I’ve learned that L2TP VPN tunnels can only be built if the preferred address is targeted on the bridge1 interface. This is my next problem…
OK - it seems that I have resolved most of the problems:
After removing and re-adding the offending highest IP address to bridge1, I had to reboot the router in order to make the automatically created route for the public range on bridge1 take the lowest IP address as its preferred source.
With that done, the src-nat rule now works fine, redirecting the outgoing traffic of my mail server to the desired address. Furthermore, I can now manipulate the default IP address from which traffic goes out by setting the preferred address on the default route.
About the only question left now is: Does anyone know how I could manipulate the order of IP addresses assigned to an interface - other than deleting them and re-entering them in the desired order?!?
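The configuration the thread arrives at (a specific src-nat rule for the mail server ahead of the general NAT rule, plus pref-src on the default route so the default source address no longer depends on the order of /ip address entries), written out as an added RouterOS CLI example. This is not configuration posted by anyone in the thread; the mail server address, the 203.0.113.0/29 public range, the rule comments and the SMTP port list are all assumptions chosen for illustration.

```routeros
# Added example, not from the original thread. Assumed addressing:
#   192.168.152.10  mail server (switching group 1 subnet from the thread)
#   203.0.113.0/29  public range assigned to bridge1 (assumed)
#   203.0.113.3     address outgoing SMTP must use (assumed)
#   203.0.113.2     address all other outgoing traffic should use (assumed)

# 1. The general NAT rule (what the thread calls "the main NAT"). masquerade
#    takes its source address from the route's preferred source, which is why
#    everything left from the address the route happened to pick.
/ip firewall nat
add chain=srcnat out-interface=bridge1 action=masquerade comment="general NAT"

# 2. Specific src-nat for the mail server's outbound SMTP. NAT rules are
#    evaluated top to bottom, so it must sit ABOVE the masquerade rule;
#    place-before puts it there regardless of when it is added.
add chain=srcnat src-address=192.168.152.10 protocol=tcp dst-port=25,465,587 \
    out-interface=bridge1 action=src-nat to-addresses=203.0.113.3 \
    place-before=[find comment="general NAT"] comment="mail server SMTP source"

# 3. Pin the source address used by masquerade by setting pref-src on the
#    default route, instead of relying on /ip address ordering or a reboot.
/ip route
set [find dst-address=0.0.0.0/0] pref-src=203.0.113.2

# 4. Checks
/ip firewall nat print      # the src-nat rule must be listed above "general NAT"
/ip route print detail      # the default route should show pref-src=203.0.113.2
/ping 1.1.1.1 src-address=203.0.113.3 count=3   # confirms the SMTP address is usable from the router
```

Two caveats from the thread itself: the src-nat rule matches only traffic leaving through bridge1, so if the mail server's outbound path is a different interface the out-interface value has to change with it; and pref-src on the default route affects only locally originated and masqueraded traffic, not the src-nat rule, which names its address explicitly in to-addresses. If mail still leaves from the wrong address, check /ip firewall nat print for rule order first, since a masquerade rule above the src-nat rule silently wins.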