 From:  Mark Wass <mark dot wass at market dash analyst dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] SMTP and NAT
 Date:  Fri, 05 May 2006 15:10:58 +1000
Ok this NAT issue is driving me insane.

Can anyone explain why, when I try to telnet to my mail server in my DMZ, 
which has a public IP, it ends up going to a mail server I have NATed to 
my LAN (private IP address)?

For example my mail server in the DMZ has an IP of 203.xxx.xxx.bbb/27

When I do - telnet 203.xxx.xxx.bbb 25

It connects me to my mail server in the LAN, it seems to totally ignore 
the IP address I am using and just do the NAT.

The NAT I have is on my WAN IP 203.xxx.xxx.aaa/30 and goes to port 25 at 
the mail server in my LAN.

Please, someone help; this just does not make sense.

Thanks :-)

Mark

Mark Wass wrote:

> Hi Chris
>
> >Is there any NAT involved, or are the public IPs assigned directly 
> on the DMZ systems?
>
> There is no NAT in the DMZ. My ISP routes to my 203.xxx.xxx.xxx 
> network (I'm using Advanced outbound NAT)
>
> >Can the systems on the DMZ get out to the Internet properly?
>
> Yes they can access the net ok
>
> What appears to be happening is that when a packet destined for port 
> 25 hits my WAN IP it automatically sends it to the NAT rule, thus the 
> packet hits my mail server on the LAN.
>
> In my WAN rules I have at the top of the list a rule that says allow 
> access to port 25 at IP 203.xxx.xxx.bb1 (my new mail server), I 
> thought this would get executed first and then any NAT rules (NAT 
> rules followed below this one).
>
> Mark
>
> Chris Buechler wrote:
>
>> On 5/3/06, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
>>
>>>
>>>  All I want is when someone sends email to the domain at 
>>> 203.xxx.xxx.bb1 it
>>> should go to that mail server.
>>>
>>
>> Oh, this makes much more sense now.  Is there any NAT involved, or are
>> the public IPs assigned directly on the DMZ systems?  Can the systems
>> on the DMZ get out to the Internet properly?
>>
>> -Chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch