Ernstm
just joined
Topic Author
Posts: 17
Joined: Mon Jun 23, 2008 10:03 am

Mail server nat

Mon Jun 23, 2008 10:22 am

I have a mail server on an internal address behind my Firewall.

The problem I have is that if I DNAT all port 25 and port 110 traffic to the server, I am unable to communicate with the server if I don't masquerade my network behind the firewall's internal Ether port. This would normally be fine, but the problem is that any IP-based RBL checks my mail server tries to do fail, as the masquerade removes the source address. (RBLs require the source address of the original message.)

Am I doing something wrong?
 
ashish
Long time Member
Posts: 546
Joined: Mon Feb 12, 2007 5:50 am
Location: Virginia, USA.

Re: Mail server nat

Mon Jun 23, 2008 10:36 am

Hi,

You have to configure "NETMAP".

Add two rules under firewall NAT, with action=netmap
 
Ernstm
just joined
Topic Author
Posts: 17
Joined: Mon Jun 23, 2008 10:03 am

Re: Mail server nat

Mon Jun 23, 2008 10:53 am

I have set the netmap rules. Should I exclude the mail server IP from the internal masquerade rule? As the masquerade rule is to masquerade all requests to the internal network behind the internal interface of the router. And as such I still lose the original IP.
 
ashish
Long time Member
Posts: 546
Joined: Mon Feb 12, 2007 5:50 am
Location: Virginia, USA.

Re: Mail server nat

Mon Jun 23, 2008 11:05 am

The netmap rule should be kept before the masquerade rule.

There will be two NAT rules.
1. src-nat
2. dst-nat

and for both action=netmap
 
Ernstm
just joined
Topic Author
Posts: 17
Joined: Mon Jun 23, 2008 10:03 am

Re: Mail server nat

Mon Jun 23, 2008 11:10 am

Thanks for the reply.

Am I correct in assuming that the src-nat rule should be set to netmap to the public IP?
 
ashish
Long time Member
Posts: 546
Joined: Mon Feb 12, 2007 5:50 am
Location: Virginia, USA.

Re: Mail server nat

Mon Jun 23, 2008 11:23 am

NAT rule=src-nat, src-address=private IP, netmap-to-address=publicIP
NAT rule=dst-nat, dst-address=Public IP, netmap-to-address=Private IP
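
Added example, not part of any post in this thread: one way the two netmap rules described above could be laid out in RouterOS so that masquerading never touches inbound mail and the server keeps seeing the real sender address for RBL lookups. The addresses (documentation ranges), the interface names ether1-wan and ether2-lan, and the hairpin rule for LAN clients that reach the server through the public address are assumptions, not details from the thread.

```routeros
# Constructed values (assumptions, not from the thread):
#   203.0.113.10   = public IP used for mail
#   192.168.1.10   = internal mail server
#   192.168.1.0/24 = LAN subnet
#   ether1-wan / ether2-lan = WAN and LAN interface names
/ip firewall nat

# 1. Inbound: map the public address to the mail server, SMTP and POP3 only.
#    Only the destination is rewritten; the sender's source IP is untouched.
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=25,110 \
    action=netmap to-addresses=192.168.1.10 comment="mail in"

# 2. Outbound: connections started by the server leave as the public address.
add chain=srcnat src-address=192.168.1.10 out-interface=ether1-wan \
    action=netmap to-addresses=203.0.113.10 comment="mail out"

# 3. Hairpin: masquerade ONLY LAN clients that reach the server via the
#    public address. Internet senders never match src-address=192.168.1.0/24,
#    so their source IP still reaches the server for RBL checks.
add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.10 \
    out-interface=ether2-lan action=masquerade comment="hairpin, LAN clients only"

# 4. General masquerade, limited to traffic leaving through the WAN port.
#    Without out-interface this rule would also rewrite inbound mail as it
#    is forwarded to the LAN, which hides the original sender.
add chain=srcnat out-interface=ether1-wan action=masquerade comment="LAN to internet"
```

Rules are evaluated top to bottom within each chain, so the netmap entries stay above the masquerade entries, as the earlier reply says.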
 
Ernstm
just joined
Topic Author
Posts: 17
Joined: Mon Jun 23, 2008 10:03 am

Re: Mail server nat

Mon Jun 23, 2008 11:28 am

OK. I have done so.

Should I then not be able to use the server without the masquerade rule? I am asking because if I exclude the server's internal IP from the masquerade rule I am unable to send/receive mail.
 
Ernstm
just joined
Topic Author
Posts: 17
Joined: Mon Jun 23, 2008 10:03 am

Re: Mail server nat

Mon Jun 23, 2008 12:11 pm

OK. I have the netmap rules set up as above. And the packet counters are running, but I still have the problem where the masquerade rule below the netmap rules causes me to lose the original IP address. If I exclude the mail server's internal IP from the masquerade rule, I am unable to send/receive from any of the internal PCs.

Any ideas?
 
Ernstm
just joined
Topic Author
Posts: 17
Joined: Mon Jun 23, 2008 10:03 am

Re: Mail server nat

Mon Jun 23, 2008 2:44 pm

For the record I have, with the help of a local MikroTik guru, managed to get the server to work without the masquerade rule. However, I cannot seem to get the RBL checking to work as the server still reports that it is receiving all mail from a local address and as such cannot check the source IP address.

Anybody else having this problem?
 
changeip
Forum Guru
Posts: 3830
Joined: Fri May 28, 2004 5:22 pm

Re: Mail server nat

Mon Jun 23, 2008 8:23 pm

Post the following:

/ip firewall nat export

Sam
 
gmsmstr
Trainer
Posts: 982
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO

Re: Mail server nat

Mon Jun 23, 2008 8:34 pm

Just need a dual NAT setup. More confusing than it actually is. I'm sure a consultant can help you out.