 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'Monowall \(E-mail\)'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] one other thing..RE: [m0n0wall] Correct setup for a firewall and 2 mail servers....HELP, please!
 Date:  Tue, 28 Dec 2004 15:54:23 -0500
Are you able to get any traffic to this second public IP (not just
SMTP)? The one you mentioned that you set up the Server NAT on
Do you need Proxy ARP for your config? Are you using a
valid IP? Resolve the second IP - then the rules will (should) work. I
have heard of people having problems with really long ARP cache on ISP
side. Sometimes waiting is the hardest part of IT. (15 min NetBIOS
Master Browser refresh on NT4 networks...)

You will need two inbound NAT rules (with corresponding Firewall
WAN  TCP  25 (SMTP)  25 (SMTP)
<ServerNAT>  TCP  25 (SMTP)  25 (SMTP)

You will also need to have a MX record that points to the secondary
server at a lower priority.

This seems like a bunch of work to do during/before a migration, just
to change it back...

James W. McKeand

P.S. I am only top posting because the rest of this thread is top
posting... I really don't want to start that argument again...

-----Original Message-----
From: Zadikem, Travis-taz [mailto:tzadikem at picosecond dot com] 
Sent: Tuesday, December 28, 2004 3:10 PM
To: johan at risc dot co dot za
Cc: Monowall (E-mail)
Subject: [m0n0wall] one other thing..RE: [m0n0wall] Correct setup for
a firewall and 2 mail servers....HELP, please!

I can't just edit the rule to go to another IP Address because it will
then remove my first (primary mail server).  I need to have two mail
servers up (primary and secondary).
The secondary one is one that I am migrating users to.
Hope this helps a bit,

Ok, I got that part.  Here is what my current config looks like:
Inbound NAT:
If   Proto    Ext. port range  NAT IP  Int. port range  Description
WAN  TCP      25 (SMTP)                25 (SMTP)
WAN  TCP      110 (POP3)               110 (POP3)
WAN  TCP      443 (HTTPS)              443 (HTTPS)      Webmail on pspl-mail
WAN  TCP/UDP  143 (IMAP)               143 (IMAP)

With the appropriate automatic rules.  If I try to add another SMTP to
go to it does not work.  I have
also tried adding a new Server NAT like: then adding the inbound like so:
WAN  TCP  25 (SMTP) 
(ext.:  25 (SMTP)  Scalix SMTP  and It still
doesn't go to the server, but just for fun I added an entry
for SSH to go to and it worked fine.  So,
I am confused as to what my problem is.  My 

-----Original Message-----
From: Johan Roeloffse [mailto:johan at risc dot co dot za]
Sent: Tuesday, December 28, 2004 12:46 PM
To: Zadikem, Travis-taz
Subject: Re: [m0n0wall] Correct setup for a firewall and 2 mail
servers....HELP, please!

Evening Travis

The DNS database contains an MX (Mail Exchange) entry that forwards all
email for your domain web.picosecond.com to Your internal
network (192.168.1.x) is shielded from the Internet by the firewall,
all mail messages are forwarded to the firewall and the firewall
in turn forwards it to the internal mail server ( If you
are setting up a new mail server with a different IP address as the
original mail server you should have a problem. The rule on the
firewall only allows for mail to be forwarded to, edit
the rule on the firewall to reflect the IP address of the new mail

Only if you place the 2 mail-servers directly on the Internet (in
front of the firewall) would you need 2 extra addresses.



Zadikem, Travis-taz wrote: 

About 12/9/04 I sent an email to the list about help with a dual
mail server setup. I am not able to get it
to work correctly and believe the original person who set up the
firewall had a misunderstanding.  As it appears
right now, the WAN address on the firewall is  There is a
rule that forwards anything from (port 25)
to an internal machine at  I am trying to set up a new
email server that will replace the old one.

Can someone please enlighten me as to what the correct setup and an
example DNS entry would look like.  I believe
I really need 3 WAN addresses.  1 for the firewall, 1 for mail server
A and 1 for mail server B, but am not sure.