Are you able to get any traffic to this second public IP (not just SMTP)? The one you mentioned that you set up the Server NAT on 64.207.38.4. Do you need Proxy ARP for your config? Are you using a valid IP?

Resolve the second IP - then the rules will (should) work. I have heard of people having problems with really long ARP cache on ISP side. Sometimes waiting is the hardest part of IT. (15 min NetBios Master Browser refresh on NT4 networks...)

You will need two inbound NAT rules (with corresponding Firewall rules):

    WAN          TCP  25 (SMTP)  192.168.1.55   25 (SMTP)
    <ServerNAT>  TCP  25 (SMTP)  192.168.1.160  25 (SMTP)

You will also need to have an MX record that points to the secondary server at a lower priority.

This seems like a bunch of work to do during/before a migration, just to change it back...

_________________________________
James W. McKeand

P.s. I am only top posting because the rest of this thread is top posting... I really don't want to start that argument again...

-----Original Message-----
From: Zadikem, Travis-taz [mailto:tzadikem at picosecond dot com]
Sent: Tuesday, December 28, 2004 3:10 PM
To: johan at risc dot co dot za
Cc: Monowall (E-mail)
Subject: [m0n0wall] one other thing..RE: [m0n0wall] Correct setup for a firewall and 2 mail servers....HELP, please!

I can't just edit the rule to go to another IP Address because it will then remove my first (primary mail server). I need to have two mail servers up (primary and secondary). The secondary one is one that I am migrating users to.

Hope this helps a bit,
Travis

Ok, I got that part. Here is what my current config looks like:

Inbound NAT:

    If   Proto    Ext. port range  NAT IP        Int. port range  Description
    WAN  TCP      25 (SMTP)        192.168.1.55  25 (SMTP)
    WAN  TCP      110 (POP3)       192.168.1.55  110 (POP3)
    WAN  TCP      443 (HTTPS)      192.168.1.55  443 (HTTPS)      Webmail on pspl-mail
    WAN  TCP/UDP  143 (IMAP)       192.168.1.55  143 (IMAP)

With the appropriate automatic rules. If I try to add another SMTP to go to 192.168.1.160 it does not work.

I have also tried adding a new Server NAT like: 64.207.38.4 then adding the inbound like so:

    WAN  TCP  25 (SMTP)  192.168.1.160 (ext.: 64.207.38.4)  25 (SMTP)  Scalix SMTP

and it still doesn't go to the server, but just for fun I added an entry for SSH to go to 192.168.1.160 and it worked fine. So, I am confused as to what my problem is. My

-----Original Message-----
From: Johan Roeloffse [mailto:johan at risc dot co dot za]
Sent: Tuesday, December 28, 2004 12:46 PM
To: Zadikem, Travis-taz
Subject: Re: [m0n0wall] Correct setup for a firewall and 2 mail servers....HELP, please!

Evening Travis

The DNS database contains an MX (Mail Exchange) entry that forwards all email for your domain web.picosecond.com to 64.207.38.2. Your internal network (192.168.1.x) is shielded from the Internet by the firewall, all mail messages are forwarded to the firewall and the firewall in turn forwards it to the internal mail server (192.168.1.55).

If you are setting up a new mail server with a different IP address as the original mail server you should have a problem. The rule on the firewall only allows for mail to be forwarded to 192.168.1.55, edit the rule on the firewall to reflect the IP address of the new mail server.

Only if you place the 2 mail servers directly on the Internet (in front of the firewall) would you need 2 extra addresses.

Regards
Johan

Zadikem, Travis-taz wrote:

About 12/9/04 I sent an email to the list about help with a dual mail server setup. I am not able to get it to work correctly and believe the original person who set up the firewall had a misunderstanding. As it appears right now, the WAN address on the firewall is 64.207.38.2. There is a rule that forwards anything from 64.207.38.2 (port 25) to an internal machine at 192.168.1.55. I am trying to set up a new email server that will replace the old one. Can someone please enlighten me as to what the correct setup and an example DNS entry would look like? I believe I really need 3 WAN addresses. 1 for the firewall, 1 for mail server A and 1 for mail server B, but am not sure.

Thanks,
Travis
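
The inbound NAT situation discussed in this thread, as an added example that is not part of any of the messages: a short Python check that flags an external address, protocol and port forwarded to more than one internal host. The rule dictionaries and function names are constructed for illustration, and the check assumes plain one-to-one port forwards, where one external endpoint can map to only one internal host.

```python
from collections import defaultdict

# Constructed rule list modelled on the thread's Inbound NAT table.
# "ext" is the external address: "WAN" for the interface address
# (64.207.38.2 in the thread) or a Server NAT address.
RULES = [
    {"ext": "WAN", "proto": "TCP", "port": 25, "target": "192.168.1.55"},
    {"ext": "WAN", "proto": "TCP", "port": 110, "target": "192.168.1.55"},
    {"ext": "WAN", "proto": "TCP", "port": 443, "target": "192.168.1.55"},
    {"ext": "WAN", "proto": "TCP/UDP", "port": 143, "target": "192.168.1.55"},
]


def find_conflicts(rules):
    """Return {(ext, proto, port): [targets]} for every external
    endpoint that is forwarded to more than one internal host."""
    seen = defaultdict(list)
    for rule in rules:
        # A "TCP/UDP" rule occupies both the TCP and the UDP endpoint.
        for proto in rule["proto"].split("/"):
            key = (rule["ext"], proto, rule["port"])
            if rule["target"] not in seen[key]:
                seen[key].append(rule["target"])
    return {k: v for k, v in seen.items() if len(v) > 1}


def attempt_same_address():
    """Second SMTP forward on the WAN address (assumed one-to-one forward)."""
    extra = {"ext": "WAN", "proto": "TCP", "port": 25, "target": "192.168.1.160"}
    return find_conflicts(RULES + [extra])


def attempt_server_nat():
    """Second SMTP forward on the Server NAT address 64.207.38.4."""
    extra = {"ext": "64.207.38.4", "proto": "TCP", "port": 25,
             "target": "192.168.1.160"}
    return find_conflicts(RULES + [extra])


if __name__ == "__main__":
    print("same address:", attempt_same_address())
    print("server NAT:  ", attempt_server_nat())
```

An empty result only means the rule set is unambiguous; whether traffic actually reaches the second address still depends on the ARP and routing points raised in the first message.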