 From:  Mark Wass <mark dot wass at market dash analyst dot com>
 To:  Mark Wass <mark dot wass at market dash analyst dot com>
 Cc:  Chris Buechler <cbuechler at gmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] SMTP and NAT
 Date:  Thu, 04 May 2006 11:44:02 +1000
Come to think of it I have a Web server in my DMZ on port 80 (on a 
public IP) and a NAT rule to another mail server in my LAN on port 80. I 
have since realised that I cannot access the web server on port 80 in my 
DMZ at the public IP address from outside my monowall.

What do I do?

How can I allow web access to both these servers?


Mark Wass wrote:

> Hi Chris
>
> My mono WAN has an IP of 203.xxx.xxx.aaa (public IP; this is the IP 
> that the NAT to port 25 is done on)
>
> My DMZ has public IPs of 203.xxx.xxx.bbb (these are public IPs)
>
> My new mail server is on the DMZ at IP 203.xxx.xxx.bb1 (this is a 
> public IP)
>
> I have a NAT rule on the WAN interface pointing to port 25 at 
> 192.168.1.xxx (and of course a NAT rule for that)
>
> All I want is when someone sends email to the domain at 203.xxx.xxx.bb1 
> it should go to that mail server.
>
> My overall goal is to have my current production mail server which is 
> in my LAN accept mail for its domains and for the new mail server in 
> the DMZ to accept mail for its domain.
>
> Why can't I have these two machines collecting mail?
>
> Mark
>
> Chris Buechler wrote:
>
>> On 5/3/06, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
>>
>>>
>>> I have a rule at the top of my list allowing access to port 25 on
>>> the IP address of my new mail server in the DMZ
>>>
>>> Are the NAT rules executed first?
>>>
>>
>> NAT is first.  Your NAT rule for port 25 has to point to the proper
>> server, and you have to have a firewall rule permitting the traffic.
>>
>>
>>> How do I make sure that the correct mail server is connected to?
>>>
>>
>> You make it sound like you have two SMTP servers and one public IP. 
>> You can't open port 25 on one IP to two different internal hosts.  You
>> either need a second IP for the second server, or set up the first
>> server to accept mail for the second and relay to it for its domains.
>>
>> -Chris
>>
>
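
Added example (not part of the original thread, and not m0n0wall code): a small Python model of the order of operations Chris describes, inbound NAT first and then the firewall rule, plus a check for one public IP and port forwarded to two hosts. The addresses, the Forward/Allow rule shapes, the first-match behaviour and the assumption that the filter matches the destination as it stands after NAT are all constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample addresses (documentation ranges), not the poster's.
WAN = "198.51.100.1"        # firewall WAN address, used for port forwards
DMZ_MAIL = "198.51.100.65"  # DMZ host with its own routed public IP
LAN_MAIL = "192.168.1.10"   # private LAN host reached through inbound NAT

class Forward(NamedTuple):   # hypothetical inbound NAT entry
    ext_ip: str
    proto: str
    port: int
    target: str

class Allow(NamedTuple):     # hypothetical pass rule, checked after NAT
    dst_ip: str
    proto: str
    port: int

def conflicts(forwards):
    """Map each (ext_ip, proto, port) forwarded to more than one host to its targets."""
    seen = defaultdict(list)
    for f in forwards:
        if f.target not in seen[f[:3]]:
            seen[f[:3]].append(f.target)
    return {k: v for k, v in seen.items() if len(v) > 1}

def deliver(dst_ip, proto, port, forwards, allows) -> Optional[str]:
    """Return the host that receives the connection, or None if it is blocked."""
    # Step 1: NAT. This model takes the first matching entry (an assumption).
    for f in forwards:
        if f[:3] == (dst_ip, proto, port):
            dst_ip = f.target
            break
    # Step 2: filter, matched against the destination as it is after NAT.
    if Allow(dst_ip, proto, port) in allows:
        return dst_ip
    return None

if __name__ == "__main__":
    fw = [Forward(WAN, "tcp", 25, LAN_MAIL)]
    rules = [Allow(LAN_MAIL, "tcp", 25), Allow(DMZ_MAIL, "tcp", 25)]
    print(deliver(WAN, "tcp", 25, fw, rules))       # forwarded to the LAN server
    print(deliver(DMZ_MAIL, "tcp", 25, fw, rules))  # routed straight to the DMZ server
    print(conflicts(fw + [Forward(WAN, "tcp", 25, "192.168.1.20")]))
```

In this model a pass rule written against the WAN address never matches a forwarded connection, and a duplicated forward is reported by conflicts() while only the first entry ever receives traffic.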