This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Masquerading, NAT, Packet Filter - Help on the basic config, please

Let us assume that I have a mail server behind a public IP address: P.P.P.15

Astaro is sitting on an external public IP at P.P.P.14 / 29 (with a gateway at P.P.P.13 - the mail server is sitting on an extra IP address - everything is behind a Cisco 2800).

Assuming that the internal IP of my mail server is at 192.168.1.2, what masquerading, NAT and packet filtering (among anything else) must be put in place by Astaro to get SMTP in and out? At this point, I have the external interface configured on the P.P.P.14 address with a the mail server IP assigned as an "Additional Address".

This thread was automatically locked due to age.

Parents

0 BarryG over 15 years ago

Hi, you'd need a DNAT for the incoming traffic, and optionally an SNAT for outgoing traffic from the mailserver:

DNAT:
source: any
dest: p.p.p.15
service smtp (or any if you want ssh, etc. to work (with more PF rules))
change dest to: 192.168.1.2

SNAT:
source: 192.168.1.2
dest: any
service smtp
change source to: p.p.p.15

You'll need 2 packetfilter rules, one for incoming smtp and one for out:
source: ANY
service: smtp
Dest: 192.168.1.2
allow

source: 192.168.1.2
service: smtp
Dest: any
allow

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 15 years ago

Hi, you'd need a DNAT for the incoming traffic, and optionally an SNAT for outgoing traffic from the mailserver:

DNAT:
source: any
dest: p.p.p.15
service smtp (or any if you want ssh, etc. to work (with more PF rules))
change dest to: 192.168.1.2

SNAT:
source: 192.168.1.2
dest: any
service smtp
change source to: p.p.p.15

You'll need 2 packetfilter rules, one for incoming smtp and one for out:
source: ANY
service: smtp
Dest: 192.168.1.2
allow

source: 192.168.1.2
service: smtp
Dest: any
allow

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data