1:1 NAT - no route to host



  • hi, i have a mail server behind a pfsense machine at my datacenter doing 1:1 NAt.
    the internal ip of the mail server is 192.168.0.11 with the external ip 66.11.117.178.
    when mail is recieved it resolves the domain
    Oct 27 11:45:09 mail postfix/lmtp[5728]: 97B69130074F: to=reza@rndcomputing.com, relay=none, delay=3, status=deferred (connect to mail.rndcomputing.com[66.11.117.178]: No route to host)

    and uses the external ip, along with the no route to host problem. is there a way to work around this? or should i have internal DNS servers point to the internal ip?/reza@rndcomputing.com



  • natreflection doesn't work for 1:1 nats. If this is only a mailserver and you only need few ports (25,110,…) turn off the 1:1 nat and use a combination of protforward and advanced outbound nat for this and enable nat reflection at system>advanced ( at the very bottom of the page). Other option is to set up split DNS like you suggested.


Log in to reply