technick
newbie
Topic Author
Posts: 29
Joined: Fri Jun 10, 2022 5:03 am
Location: Canada
Contact:

2 Email Servers/multiple static IPs- need NAT/firewall help

Thu Jun 23, 2022 6:29 am

Hi,

I'm looking for some help, maybe a direction. I've recently converted from Cisco to MikroTik for my server room network, and after a rocky week of configuration and trying to get things to work, many services are working.

My situation is:
- 5 public static IPs, 1st is default WAN IP for outgoing connections by client devices (works) - ALL public IPs are on a single WAN port
- several web services are behind this router, including http, https, dns, and related email services
- web and DNS all resolve from the outside to their respective addresses, even the webmail interfaces are accessible to both email servers.
- clients can access internet and IP1 shows up as their originating address as intended

The Problem:
I have 2 email servers resolving email for different domains. In the Cisco router I had 1-1 NAT set up for this and firewall rules to allow access to the desired ports (25, 110, 143, 587, 993) for each server from the outside world, and this setup worked without issues.

I am new to using NAT/firewall in the way MikroTik does them and I think my configuration is causing the lack of email.
I can see my ports when I use a server port checking tool, however there is almost zero mail flow in or out (for some reason I can send out emails from Server 2, but not Server 1, and neither can receive emails.)


The setup
I've set up a single SRCNAT-MASQUERADE - SRC ADDRESS: lan, out interface: bridge-wan
For access to the email servers I have set up DST-NAT DST address: public IP2 (and IP 3 for second email server), protocol tcp 110 (etc), in interface: bridge-wan action DST-nat
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: 2 Email Servers/multiple static IPs- need NAT/firewall help  [SOLVED]

Thu Jun 23, 2022 8:21 pm

If you liked NAT 1:1, you can have it here too:
/ip firewall nat
add chain=dstnat dst-address=<IP2> action=netmap to-addresses=<server1>
add chain=dstnat dst-address=<IP3> action=netmap to-addresses=<server2>
add chain=srcnat src-address=<server1> action=netmap to-addresses=<IP2>
add chain=srcnat src-address=<server2> action=netmap to-addresses=<IP3>
add chain=srcnat out-interface=<WAN> action=src-nat to-addresses=<IP1>
 
technick
newbie
Topic Author
Posts: 29
Joined: Fri Jun 10, 2022 5:03 am
Location: Canada
Contact:

Re: 2 Email Servers/multiple static IPs- need NAT/firewall help

Thu Jun 23, 2022 8:37 pm

Thanks for your code suggestion. I looked around but could not seem to find an appropriate solution. There are so many different ways to implement different functionality.

I'll try this and see if it helps my mail flow a bit better.

I have a firewall rule allowing DST NAT, so I'm guessing this should work the way I want. I will post back the results after trying this out!
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: 2 Email Servers/multiple static IPs- need NAT/firewall help

Thu Jun 23, 2022 8:48 pm

Yes, dstnat for selected ports is also correct:
/ip firewall nat
add chain=dstnat dst-address=<IP2> protocol=tcp dst-port=25,110,465,587 action=dst-nat to-addresses=<server1>
add chain=dstnat dst-address=<IP3> protocol=tcp dst-port=25,110,465,587 action=dst-nat to-addresses=<server2>
 
technick
newbie
Topic Author
Posts: 29
Joined: Fri Jun 10, 2022 5:03 am
Location: Canada
Contact:

Re: 2 Email Servers/multiple static IPs- need NAT/firewall help

Sat Jun 25, 2022 10:18 am

Great, thank you so much for the quick help! I'm getting up to speed really fast with the MikroTik community's help!

The 1-1 NAT works and email is flowing correctly now!
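
Added example, not part of the thread and not any participant's configuration: with the `netmap` 1:1 rules above, every port on `<IP2>` and `<IP3>` is translated to the server, so a forward rule that accepts anything with `connection-nat-state=dstnat` passes all of it. A forward-chain sketch that narrows this to the mail ports listed in the first post, assuming the thread's `<WAN>`, `<server1>` and `<server2>` placeholders and that these rules sit in this order:

```routeros
# Added example. <WAN>, <server1>, <server2> are the thread's placeholders;
# the port list (25,110,143,587,993) is the one given in the first post.
/ip firewall filter
# Return traffic for connections that were already permitted
add chain=forward connection-state=established,related action=accept comment="allow replies"
add chain=forward connection-state=invalid action=drop comment="drop invalid"
# The forward chain runs after dstnat, so match the server's internal address
add chain=forward in-interface=<WAN> connection-nat-state=dstnat dst-address=<server1> protocol=tcp dst-port=25,110,143,587,993 action=accept comment="mail to server1"
add chain=forward in-interface=<WAN> connection-nat-state=dstnat dst-address=<server2> protocol=tcp dst-port=25,110,143,587,993 action=accept comment="mail to server2"
# Assumption: other published services (web, DNS) get their own accept
# rules above this line. Everything else new from WAN is dropped,
# including ports that netmap translated but nothing above allowed.
add chain=forward in-interface=<WAN> connection-state=new action=drop comment="drop other new from WAN"
```

The per-port `dst-nat` variant from the second reply limits exposure in the NAT table itself; the filter rules above give the same limit when `netmap` is kept for the 1:1 mapping.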
