MAIL going out through Virtual IP
-
Hello,
I use: Current version: 2.0-BETA4 Built On: Mon Oct 18 15:51:06 EDT 2010
I have multiple Virtual IPs on my WAN Interface (xxx.xxx.xxx.206,xxx.xxx.xxx.209,xxx.xxx.xxx.210,xxx.xxx.xxx.211) and all traffic that goes out seems to come from my MAIN-IP-Address (xxx.xxx.xxx.206).
My official SMTP-Address is xxx.xxx.xxx.209.
My Problem is that there are some Mailservers (freenet.de) that reject my mail with the following error:
xxxxxxxxxx@freenet.de: host mx.freenet.de[195.4.92.9] said: 550
inconsistent or no DNS PTR record for xxx.xxx.xxx.206 (see RFC 1912 2.1) (in
reply to RCPT TO command)
So I need my outgoing mail to come from my xxx.xxx.xxx.209
I have a mailserver in my DMZ.
I have "Automatic outbound NAT rule generation (IPsec passthrough included)" switched on and tried to add a Mapping to do this, but it didn't work.
I tried the following MAPPING:
Interface: DMZ
Protocol: TCP
Source: Type: Network # Address: 10.91.2.3 / 32 # Source port: empty
Destination: Type: any # Address: empty # Dest.port: 25
Translation: Address: xxx.xxx.xxx.209 # Port: empty
But it didn't work!
Please can anybody help me!????
Greetings
Oliver/xxxxxxxxxx@freenet.de
-
If you want to use your own outbound NAT rules, you need it on manual, not automatic.
-
The interface specified there should be WAN, not DMZ.
-
use 1:1 nat
Interface: WAN
External Subnet: xxx.xxx.xxx.209 /32
Internal Subnet: 10.91.2.3 / 32
Everything that tries to get to the "209" address will be forwarded to your .3 machine. Use firewall rules to control what actually makes it…
Anything that leaves this machine for the WAN will show up as the .209 address.
-
Hello and thanks for your reply,
1.) Would that look something like this? (see attached .jpg)
2.) I already have a nat-Rule that does forward all traffic coming in on xxx.xxx.xxx.209 on port 25 to 10.91.2.3
Do I have to disable this rule?
3.) Does this 1:1 Mapping forward outgoing and incoming traffic?
Thanks a lot!
Greetings
-
Yep-
Looks a little different on 1.2.3 which I use and referred to on my original post.
No you do not need to keep your ports forwarded. Basically 1:1 NAT marries the intended public IP to your intended NAT ip in and out.
Since I use ver. 1.2.3 I actually kept my forwarded ports also due to 1:1 not working with nat reflection in my version (allows me to reach the server using my domain name from inside the network with my laptop)… I see in ver 2.0 that a NAT reflection option exists on the 1:1 NAT page...
-
Remove that /32 from the external subnet field. That takes only an IP address.
Just now I've changed the descriptions a bit to further clarify things.
-
Thanks,
I just tested it - using this 1:1 Binding.
It seems to work.
Thanks a lot
Greetings
-
Oops- sorry… 1.2.3 has a box for the mask bits... 2.0 does not...
Glad to see it's working... ;)
-
There was only one of those boxes in 1.2.3 for the bit count. Technically it was just moved to a different spot when this change was made.
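-
The rejection quoted in the first post cites RFC 1912 2.1, which expects the PTR record of the sending address to exist and to match a forward record. The following is an added example, not part of the thread and not pfSense code: a Python check of that condition for the address mail leaves from, assuming the receiver tests that the PTR name resolves back to the connecting address. The function names, host names and 192.0.2.x sample records are constructed; with no lookup arguments the system resolver is used.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver ([] if none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def check_fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return 'ok', 'no_ptr' or 'inconsistent' for the source address ip."""
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no_ptr"
    for name in names:
        for addr in addr_lookup(name):
            try:
                if ipaddress.ip_address(addr) == want:
                    return "ok"          # PTR name resolves back to ip
            except ValueError:
                continue                 # skip anything that is not an address
    return "inconsistent"                # PTR exists but never points back

# Constructed sample zone data (documentation addresses, not from the thread).
SAMPLE_PTR = {"192.0.2.209": ["mail.example.com."],
              "192.0.2.210": ["gw.example.com."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.209"],
            "gw.example.com": ["192.0.2.211"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addrs(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.206", "192.0.2.209", "192.0.2.210"):
        print(ip, check_fcrdns(ip, sample_ptr, sample_addrs))
```

Calling `check_fcrdns("<your outbound address>")` before and after the NAT change shows whether the address the mail server now presents passes the same test.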