This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NAT and filter rules for mail server

Our mail server is on DMZ with a private IP address,there is a additional address on the external interface of firewall configured with the MX IP of mail server.
Could anyone tell which all SNAT/DNAT and packet filter rules needs to be applied.

This thread was automatically locked due to age.

0 preet over 17 years ago

In this forum i found many such example and everywhere its all about DNAT
Any--SMTP--External Mail Alias Interface--DNAT---Internal Mail Server
What about the SNAT rule?
Cancel
Vote Up 0 Vote Down

Cancel
0 Jack Daniel over 17 years ago in reply to preet

If you are using the external IP of the Astaro and you have a masquerade rule, you shouldn't need to SNAt your SMTP.

If you are using an additional IP, you will need an SNAT [internal server ip > SMTP > Any > external IP alias] so that the outbound email will come from an IP matching your MX record.
Cancel
Vote Up 0 Vote Down

Cancel
0 eganders_01 over 17 years ago in reply to preet

There are some postings on the forums about SNAT rules, but the bottom line is if you need you e-mail coming from a certain IP in your block (typically for validation purposes on the recipients side), setup a SNAT rule.

Many people don't use a SNAT (for e-mail) because they have a NAT masquerade in place for all their outbound traffic (e-mail, http, whatever, etc.) all using the same IP.
Cancel
Vote Up 0 Vote Down

Cancel
0 preet over 17 years ago in reply to eganders_01

Thanks,as i am using additional IP on the additional interface so need to use
internal server ip > SMTP > Any > external IP alias
Also masquerading is not possible when using additional interface,the drop down only shows original interface (external or internal) no additional interface.
Cancel
Vote Up 0 Vote Down

Cancel