yeager
just joined
Topic Author
Posts: 5
Joined: Sat Jul 31, 2021 12:42 am

NAT SMTP to second public IP

Sat Jul 31, 2021 1:05 am

Hi

I tried to find an answer to my question and read many threads, but found nothing.
I have one WAN port on my router and my internet provider forwards 24 public IPs to it... I use one as the main public IP for my internet connection; the others are for servers. The problem is that I often have trouble because I'm blacklisted. I think I have spammers on my network. The simple script I use to auto-detect and block spammers stopped working after I got more public IPs and had to use NAT to set one of them as the MAIN ADDRESS.

After I set this:
/ip firewall/nat
chain=srcnat action=src-nat to-addresses=185.188.239.206 out-interface=ether1 log=no log-prefix=""

This script does not work; it always adds only my IP 185.188.239.206 to the spammer list:
/ip firewall/filter
1 ;;; Detect and add-list SMTP virus or spammers
chain=forward action=add-src-to-address-list connection-limit=30,32 protocol=tcp
address-list=spammer address-list-timeout=1d dst-port=25 limit=30/1m,5:packet log=no
log-prefix=""

2 ;;; BLOCK SPAMMERS OR INFECTED USERS
chain=forward action=drop protocol=tcp src-address-list=spammer dst-port=25 log=no
log-prefix=""


My question is: is it possible to mark all connections on port 25 and send them out via another public IP I have? This way my MAIN IP ADDRESS will be clear of spammers and will not be blacklisted. Or is there any other simple method to block spammers?



THX
B.R.

PS: at first I couldn't send this post, because: Your IP 185.188.239.206 has been blocked because it is blacklisted. For details please see http://www.spamhaus.org/query/bl?ip=185.188.239.206.
 
yeager
just joined
Topic Author
Posts: 5
Joined: Sat Jul 31, 2021 12:42 am

Sat Jul 31, 2021 3:21 pm

No one has a working solution?
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Sat Jul 31, 2021 6:04 pm

So you use public IPs for servers?
Is the issue caused by users of the servers or people behind your router using the single IP for your home or own use??

As for the servers, are they:
a. protected by encrypted login (https, FTPs etc) or plain text login or no login?
b. limited by a source address or source address list on the corresponding dst NAT rule?
 
yeager
just joined
Topic Author
Posts: 5
Joined: Sat Jul 31, 2021 12:42 am

Sat Jul 31, 2021 10:10 pm

I'm a little ISP... I have 500 clients... All my clients use one public IP...
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Sat Jul 31, 2021 10:46 pm

"I'm a little ISP... Have 500 clients... All my clients use one public IP..."
How do you distribute internet from a single public IP to 500 folks?

500 VLANs or 500 PPPoE client connections?
 
yeager
just joined
Topic Author
Posts: 5
Joined: Sat Jul 31, 2021 12:42 am

Sun Aug 01, 2021 5:40 am

VLANs and more IP ranges...
 
BartoszP
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Sun Aug 01, 2021 11:15 am

If spammers only send spam using SMTP-family ports, then you can
add action=src-nat chain=srcnat dst-port=25,587,SMTPfamilyports out-interface=WAN protocol=tcp to-addresses=NOT_THE_MAIN_IP
but if they use "zombies" using unknown ports then there is no way to catch that traffic.

Why not spread traffic across different IPs by grouping users like this:
/ip firewall address-list
add address=172.31.0.0/28 list=CLIENTS_GROUP_A
add address=172.31.0.16/28 list=CLIENTS_GROUP_B
/ip firewall nat
add action=src-nat chain=srcnat src-address-list=CLIENTS_GROUP_A out-interface=WAN to-addresses=PUBLIC_IP_A
add action=src-nat chain=srcnat src-address-list=CLIENTS_GROUP_B out-interface=WAN to-addresses=PUBLIC_IP_B
so you can keep groups separated and easily track which group spams, as the particular IP will be blocked.
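
The grouping suggestion above carried through for a larger client range, as an added example that is not part of the original thread: this Python sketch splits a client range across several public IPs, emits the address-list and src-nat lines in the form shown in the post, and maps a blocklisted public IP back to the client subnets behind it. The 172.31.0.0/24 range, the 203.0.113.x documentation addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import string


def plan_groups(client_net, public_ips):
    """Split client_net into equal subnets, assigned round-robin to public_ips.

    Returns a list of (address_list_name, subnet, public_ip) tuples.
    """
    if not 1 <= len(public_ips) <= 26:
        raise ValueError("this sketch names groups A..Z, so 1 to 26 public IPs")
    net = ipaddress.ip_network(client_net)
    # Enough extra prefix bits to get at least one subnet per public IP.
    extra_bits = (len(public_ips) - 1).bit_length()
    plan = []
    for i, subnet in enumerate(net.subnets(prefixlen_diff=extra_bits)):
        g = i % len(public_ips)
        name = f"CLIENTS_GROUP_{string.ascii_uppercase[g]}"
        plan.append((name, subnet, ipaddress.ip_address(public_ips[g])))
    return plan


def render(plan, wan="WAN"):
    """Emit RouterOS lines in the same form as the rules quoted in the post."""
    lines = ["/ip firewall address-list"]
    lines += [f"add address={subnet} list={name}" for name, subnet, _ in plan]
    lines.append("/ip firewall nat")
    groups = {}
    for name, _, pub in plan:
        groups.setdefault(name, pub)  # one NAT rule per group, in plan order
    lines += [f"add action=src-nat chain=srcnat src-address-list={name} "
              f"out-interface={wan} to-addresses={pub}"
              for name, pub in groups.items()]
    return lines


def clients_behind(plan, listed_ip):
    """Client subnets that leave via a public IP found on a blocklist."""
    ip = ipaddress.ip_address(listed_ip)
    return [subnet for _, subnet, pub in plan if pub == ip]


# Constructed sample: documentation addresses stand in for real public IPs.
PLAN = plan_groups("172.31.0.0/24",
                   ["203.0.113.10", "203.0.113.11", "203.0.113.12"])

if __name__ == "__main__":
    print("\n".join(render(PLAN)))
    print(clients_behind(PLAN, "203.0.113.10"))
```
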
 
yeager
just joined
Topic Author
Posts: 5
Joined: Sat Jul 31, 2021 12:42 am

Sun Aug 01, 2021 2:55 pm

It will be better to NAT port 25,445,465,587 traffic for all users to another private IP
 
BartoszP
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Sun Aug 01, 2021 3:37 pm

Could be. It's your decision. And block SMTP on the main address in both directions to prevent occasional "leaking".
