Trouble with sending e-mails

Atom · February 20, 2007, 2:16pm

Scenario:

Ive windows server 2003 with exchange, IP: 10.0.0.2.
My gateway is Mikrotik 2.9, LAN IP 10.0.0.1, WAN IP 192.168.0.1. Next to mikrotik is DSL router with IP 192.168.0.254 and public ip 83.69.x.y.
(server-mikrotik-dsl router-internet)
I NAT port 25 on dsl router (incoming 83.69.x.y to 192.168.0.1) and then i NAT it again on mikrotik (incoming 192.168.0.1:25 to 10.0.0.2:25).
From outside, everything seems to be fine.

Ive some notebooks users who have trouble sending e-mails when they have SMTP adress 85.71.106.15. When they connect from internet (gprs, something), its pretty fast. But when they connect their notebook on LAN, they have IP adress like 10.0.0.24 (assigned via DHCP), they mostly cannot send emails - sometimes yes, sometimes no response in 60secs delay.
Their email configuration: smtp adress: 85.71.106.15.

Im pretty sure it cannot work well behind 2 NATs from inside network. How to solve this?

Diganet · February 20, 2007, 2:47pm

dst nat tcp port 25 with a destination address of 85.71.106.15/32 from inside interface to 10.0.0.2 port 25

/Henrik

Atom · February 20, 2007, 3:01pm

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=INET action=masquerade

1 ;;; SMTP local NAT
chain=dstnat in-interface=LAN src-address=10.0.0.0/24 dst-address=83.69.x.y protocol=tcp dst-port=25 action=dst-nat
to-addresses=10.0.0.2 to-ports=25

2 ;;; SMTP PUBLIC NAT
chain=dstnat dst-address=192.168.0.1 protocol=tcp dst-port=25 action=dst-nat to-addresses=10.0.0.2 to-ports=25

when i add rule 1. the email client wont even connect to mail server.

Připojení k serveru se nezdařilo. Účet: ‘83.69.x.y’, Server: ‘83.69.x.y’, Protokol: SMTP, Port: 25, Zabezpečení (SSL): Ne, Chyba zásuvky: 10060, Číslo chyby: 0x800CCC0E

(sry this is czech language but u all know the message)

Diganet · February 20, 2007, 7:18pm

Sorry didn’t read your post properly, thought you were going out on another interface

/Henrik

virtualmystic · February 21, 2007, 5:47pm

first simplify your network
in normal scenario…you will be using pppoe for your dsl(yur router dialing pppoe), configure your dsl router in bridge mode n let MT dial your pppoe to dsl…this way you will have 83.* ip on your MT..then use single NAT on MT n see results.

regards,
Asad

Atom · February 22, 2007, 10:58am

good idea! have to try this asap

Diganet · February 22, 2007, 12:17pm

Another thing you could do is to use DNS names instead of IP on the clients mailprograms and then let your local DNS translate that into the local IP address.

/Henrik