 From:  Mark Wass <mark dot wass at market dash analyst dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] SMTP and NAT
 Date:  Thu, 04 May 2006 11:30:37 +1000
Hi Chris

My mono WAN has an IP of 203.xxx.xxx.aaa (public IP; this is the IP that 
the NAT to port 25 is done on)

My DMZ has public IPs of 203.xxx.xxx.bbb (these are public IPs)

My new mail server is on the DMZ at IP 203.xxx.xxx.bb1 (this is a public IP)

I have a NAT rule on the WAN interface pointing to port 25 at 
192.168.1.xxx (and of course a NAT rule for that)

All I want is when someone sends email to the domain at 203.xxx.xxx.bb1 
it should go to that mail server.

My overall goal is to have my current production mail server which is in 
my LAN accept mail for its domains and for the new mail server in the 
DMZ to accept mail for its domain.

Why can't I have these two machines collecting mail?


Chris Buechler wrote:

> On 5/3/06, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
>> I have a rule at the top of my list allowing access to port 25 on the IP
>> address of my new mail server in the DMZ
>> Are the NAT rules executed first?
> NAT is first.  Your NAT rule for port 25 has to point to the proper
> server, and you have to have a firewall rule permitting the traffic.
>> How do I make sure that the correct mail server is connected to?
> You make it sound like you have two SMTP servers and one public IP. 
> You can't open port 25 on one IP to two different internal hosts.  You
> either need a second IP for the second server, or set up the first
> server to accept mail for the second and relay to it for its domains.
> -Chris