My company recently moved our mail server behind our m0n0wall firewall
but we are having problems connecting to the public ip from behind the
firewall.
Problem:
Can't send mail to public IP from behind the firewall. Clients must
stay behind the firewall. Using the host file on each server to point
to the mail server for each client is not an option. Example:
"10.0.0.9 mail.example.com"
Client setup:
Client Public IP xxx.xxx.xxx.100
Client Private IP 10.0.0.100
Client domain example.com
Client server Server1 (10.0.0.10)
Mail server domain mail.example.com
Mail server public ip xxx.xxx.xxx.9
Mail server private ip 10.0.0.9
m0n0wall NAT:
xxx.xxx.xxx.9/32 -> 10.0.0.9
xxx.xxx.xxx.10/32 -> 10.0.0.10
...
Example of telnet mail session:
Server1# host example.com
example.com.com has address xxx.xxx.xxx.100
example.com mail is handled (pri=10) by mail.example.com
Server1# telnet mail.example.com 25
Trying xxx.xxx.xxx.9...
telnet: connect to address xxx.xxx.xxx.9: No route to host
telnet: Unable to connect to remote host
Other information:
Server1# ping xxx.xxx.xxx.9
PING xxx.xxx.xxx.9 (xxx.xxx.xxx.9): 56 data bytes
36 bytes from 10.0.0.1: Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 6444 0 0000 40 01 5ee1 10.0.0.10 xxx.xxx.xxx.9
Server1# ping 10.0.0.9
PING 10.0.0.9 (10.0.0.9): 56 data bytes
64 bytes from 10.0.0.9: icmp_seq=0 ttl=64 time=0.248 ms
64 bytes from 10.0.0.9: icmp_seq=1 ttl=64 time=0.131 ms
64 bytes from 10.0.0.9: icmp_seq=2 ttl=64 time=0.138 ms
Example Network:
                  +-----------+
                  | m0n0 wall |
                  | 10.0.0.1  |
                  +-----------+
                        |
                        |
                   +---------+
                   | Switch  |
                   +---------+
                    _/  |  \_
                _/      |      \_
            /           |           \
+-------------+ +--------------+ +--------------+
| Mail server | | Web server 1 | | Web server 2 |
| 10.0.0.9    | | 10.0.0.10    | | 10.0.0.11    |
+-------------+ +--------------+ +--------------+
Lots more web servers, but I'm not the fastest at ASCII art.