Netgate Discussion Forum

    MAIL going out through Virtual IP

      hubert1

      Hello,

      I use: Current version: 2.0-BETA4 Built On: Mon Oct 18 15:51:06 EDT 2010

      I have multiple Virtual IPs on my WAN Interface (xxx.xxx.xxx.206,xxx.xxx.xxx.209,xxx.xxx.xxx.210,xxx.xxx.xxx.211) and all traffic that goes out seems to come from my MAIN-IP-Address (xxx.xxx.xxx.206).

      My official SMTP-Address is xxx.xxx.xxx.209.

      My problem is that there are some mail servers (freenet.de) that reject my mail with the following error:

      xxxxxxxxxx@freenet.de: host mx.freenet.de[195.4.92.9] said: 550
         inconsistent or no DNS PTR record for xxx.xxx.xxx.206 (see RFC 1912 2.1) (in
         reply to RCPT TO command)

      So I need my outgoing mail to come from my xxx.xxx.xxx.209

      I have a mailserver in my DMZ.

      I have "Automatic outbound NAT rule generation (IPsec passthrough included)" switched on and tried to add a mapping to do this, but it didn't work.

      I tried the following mapping:

      Interface: DMZ
      Protocol: TCP
      Source: Type: Network # Address: 10.91.2.3 / 32 # Source port: empty
      Destination: Type: any # Address: empty # Dest.port: 25
      Translation: Address: xxx.xxx.xxx.209 # Port: empty

      But it didn't work!

      Can anybody please help me?

      Greetings
      Oliver/xxxxxxxxxx@freenet.de
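The 550 reply quoted in the post above cites RFC 1912 section 2.1, which asks that an address's PTR name resolve back to the same address. The following check is an added example, not part of the original thread; it assumes the receiving server does a forward-confirmed reverse lookup, and the host names and 198.51.100.x addresses are constructed stand-ins for the masked .206 and .209 addresses.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """All A/AAAA addresses for name via the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, names); verdict is 'ok', 'no-ptr' or 'inconsistent'."""
    target = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", []
    for name in names:
        addrs = [ipaddress.ip_address(a) for a in forward_lookup(name)]
        if target in addrs:
            return "ok", [name]
    return "inconsistent", names

# Constructed sample data (RFC 5737 documentation addresses), standing in for
# the thread's masked .206 (firewall main IP) and .209 (official SMTP IP).
SAMPLE_PTR = {
    "198.51.100.206": ["fw.example.net"],
    "198.51.100.209": ["mail.example.net"],
}
SAMPLE_A = {
    "mail.example.net": ["198.51.100.209"],
    # fw.example.net has no A record, so .206 fails forward confirmation.
}

def sample_check(ip):
    """Run the check against the constructed records instead of live DNS."""
    return check_fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                        lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip in ("198.51.100.206", "198.51.100.209", "198.51.100.210"):
        print(ip, *sample_check(ip))
```

Calling `check_fcrdns()` with only the real public address uses the system resolver, which confirms the PTR and A records for the SMTP address before and after changing the NAT mapping.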

        Efonnes

        If you want to use your own outbound NAT rules, you need it on manual, not automatic.

          dotdash

          The interface specified there should be WAN, not DMZ.

            chpalmer

            Use 1:1 NAT

            Interface: WAN

            External Subnet:  xxx.xxx.xxx.209 /32

            Internal Subnet:  10.91.2.3 / 32

            Everything that tries to get to the "209" address will be forwarded to your .3 machine. Use firewall rules to control what actually makes it…

            Anything that leaves this machine for the WAN will show up as the .209 address.

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              hubert1

              Hello and thanks for your reply,

              1.) Would that look something like this? (see attached .jpg)

              2.) I already have a NAT rule that forwards all traffic coming in on xxx.xxx.xxx.209 on port 25 to 10.91.2.3.
              Do I have to disable this rule?

              3.) Does this 1:1 Mapping forward outgoing and incoming traffic?

              Thanks a lot!

              Greetings

              pfSense-1to1.jpg

                chpalmer

                Yep-

                Looks a little different on 1.2.3, which I use and referred to in my original post.

                No, you do not need to keep your ports forwarded.  Basically 1:1 NAT marries the intended public IP to your intended NAT IP in and out.

                Since I use ver. 1.2.3 I actually kept my forwarded ports also, due to 1:1 not working with NAT reflection in my version (allows me to reach the server using my domain name from inside the network with my laptop)…  I see in ver 2.0 that a NAT reflection option exists on the 1:1 NAT page...

                  Efonnes

                  Remove that /32 from the external subnet field.  That takes only an IP address.

                  Just now I've changed the descriptions a bit to further clarify things.

                    hubert1

                    Thanks,

                    I just tested it - using this 1:1 Binding.

                    It seems to work.

                    Thanks a lot

                    Greetings

                      chpalmer

                      Oops- sorry…  1.2.3 has a box for the mask bits...  2.0 does not...

                      Glad to see it's working...  ;)

                        Efonnes

                        There was only one of those boxes in 1.2.3 for the bit count.  Technically it was just moved to a different spot when this change was made.
