I have a mail server on an internal address behind my firewall.
The problem I have is that if I DNAT all port 25 and port 110 traffic to the server, I am unable to communicate with the server if I don't masquerade my network behind the firewall's internal Ethernet port. This would normally be fine, but the problem is that any IP-based RBL checks my mail server tries to do fail, as the masquerade removes the source address. (RBLs require the source address of the original message.)
I have set the netmap rules. Should I exclude the mail server IP from the internal masquerade rule? The masquerade rule is there to masquerade all requests to the internal network behind the internal interface of the router, and as such I still lose the original IP.
Should I then not be able to use the server without the masquerade rule? I am asking because if I exclude the server's internal IP from the masquerade rule, I am unable to send/receive mail.
OK. I have the netmap rules set up as above, and the packet counters are running, but I still have the problem where the masquerade rule below the netmap rules causes me to lose the original IP address. If I exclude the mail server's internal IP from the masquerade rule, I am unable to send/receive from any of the internal PCs.
For the record I have, with the help of a local Mikrotik guru, managed to get the server to work without the masquerade rule. However, I cannot seem to get the RBL checking to work as the server still reports that it is receiving all mail from a local address and as such cannot check the source IP address.
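The configuration the thread is circling around, written out as an added example (this is not the poster's configuration and not text from MikroTik's documentation). It assumes RouterOS with ether1 as the WAN interface holding public IP 203.0.113.10, ether2 as the LAN interface on 192.168.1.0/24, and a mail server at 192.168.1.25 whose default gateway is the router; all of those names and addresses are placeholders. The point it demonstrates: a dst-nat rule alone preserves the sender's source address, and source NAT is needed only for the hairpin case where LAN clients connect to the public IP. A masquerade rule that matches everything leaving via the LAN interface rewrites external senders too, which is exactly what leaves the mail server seeing every connection from the router's LAN address.

```routeros
# Added example, not from the original thread. Placeholder values, replace with your own:
#   WAN interface : ether1        public IP  : 203.0.113.10
#   LAN interface : ether2        LAN subnet : 192.168.1.0/24
#   mail server   : 192.168.1.25  (its default gateway must be this router)

/ip firewall nat

# 1. Internet -> mail server: dst-nat only, no source NAT on this path.
#    A remote MTA connecting to 203.0.113.10:25 reaches 192.168.1.25:25 with its
#    own source address intact, so the server's RBL lookups have a real IP to query.
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=25,110 action=dst-nat to-addresses=192.168.1.25 comment="SMTP/POP3 from Internet to mail server"

# 2. Hairpin: LAN clients that connect to the public IP instead of 192.168.1.25.
#    Rule 1 only matches in-interface=ether1, so the LAN side needs its own dst-nat.
add chain=dstnat in-interface=ether2 dst-address=203.0.113.10 protocol=tcp dst-port=25,110 action=dst-nat to-addresses=192.168.1.25 comment="hairpin dst-nat for LAN clients"

# 3. Masquerade ONLY that hairpin traffic (LAN source -> LAN server). Without it the
#    server answers the LAN client directly and the client drops the unexpected reply.
#    The src-address match keeps this rule from touching connections from the Internet.
add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.25 protocol=tcp dst-port=25,110 out-interface=ether2 action=masquerade comment="hairpin masquerade, LAN clients only"

# 4. Ordinary outbound masquerade, matched on the WAN interface only.
add chain=srcnat out-interface=ether1 action=masquerade comment="LAN to Internet"

# The rule to avoid. A catch-all masquerade towards the LAN interface rewrites the
# source of every forwarded packet, including mail arriving from the Internet:
#   add chain=srcnat out-interface=ether2 action=masquerade
# With that in place every SMTP session the server sees originates from the router's
# LAN address, and an IP-based RBL check has nothing meaningful to look up.

# Check: log inbound SMTP in the forward chain (after dst-nat has been applied) and
# confirm the logged src address is the remote MTA, not the router. Place this above
# any drop rule in the forward chain.
/ip firewall filter add chain=forward in-interface=ether1 protocol=tcp dst-port=25 dst-address=192.168.1.25 action=log log-prefix="smtp-in"
```

Two things to verify after applying this: the packet counters on rule 1 should increase on external connections while the counter on rule 3 stays at zero for them, and `/log print where message~"smtp-in"` should show the remote sender's address in the src field. If the server still reports every connection as coming from a local address, look for another srcnat rule above these that matches LAN-bound traffic, since RouterOS applies the first matching NAT rule.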