I have a mail server on an internal address behind my Firewall.
The problem I have is that if I DNAT all port 25 and port 110 traffic to the server, I am unable to communicate with the server if I don't masquerade my network behind the Firewall's internal Ether port. This would normally be fine, but the problem is that any IP-based RBL checks my mail server tries to do fail, as the masquerade removes the source address. (RBLs require the source address of the original message.)
Am I doing something wrong?