On 1/10/2014 3:25 PM, Alfonso Alejandro Reyes Jiménez wrote:
> On 1/10/14, 9:18 AM, Andy Rowe wrote:
>>
>> #
>>
> I understand that you want to keep the connection on that belongs to
> each router, right?
> 
> If so, your issue is because you have asymmetric routing and maybe
> your firewall is blocking the connection because it doesn't have the
> connection on the state table of the default gateway router. I
> suggest as a quick solution to source NAT the connections (for an IP
> that you have on L2), in that case your server will answer the
> request to the L2 IP that initiated the connection.
> 
> Cons: you are going to see the router's internal interface on every
> connection, this configuration discards any filter or rate that you
> may use based on IP address.


**DANGER**
Using SNAT is an easy way to make yourself an open relay. One must
ensure that the router's internal IP address is never included in
the Postfix mynetworks setting.

Using SNAT also disables the most useful anti-spam controls.

It will solve the routing problem, but at great cost.



  -- Noel Jones
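
The check described in the warning above, as an added example that is not part of the original thread: it tests whether a router's internal (SNAT source) address would be trusted by a given `mynetworks` value, following Postfix's documented left-to-right, first-match evaluation with `!` exclusions. The addresses and the `relay_trusted` helper are constructed for illustration; feed it the output of `postconf -h mynetworks` on the real server.

```python
import ipaddress
import re

def parse_mynetworks(value):
    """Return (patterns, unresolved) for a mynetworks value.
    patterns: ordered (negated, network) pairs; unresolved: file or
    type:table entries that must be inspected by hand."""
    patterns, unresolved = [], []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        negated = token.startswith("!")
        body = token[1:] if negated else token
        try:
            # Postfix writes IPv6 as [addr]/len; drop the brackets to parse.
            net = ipaddress.ip_network(
                body.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            unresolved.append(token)
            continue
        patterns.append((negated, net))
    return patterns, unresolved

def relay_trusted(snat_ip, mynetworks):
    """True if snat_ip is trusted by the list (first match wins)."""
    addr = ipaddress.ip_address(snat_ip)
    patterns, unresolved = parse_mynetworks(mynetworks)
    for negated, net in patterns:
        if addr.version == net.version and addr in net:
            return (not negated), unresolved
    return False, unresolved

if __name__ == "__main__":
    SNAT_IP = "192.168.10.1"  # constructed: router's internal address
    samples = [               # constructed mynetworks values
        "127.0.0.0/8 192.168.10.0/24",
        "127.0.0.0/8 [::1]/128 !192.168.10.1 192.168.10.0/24",
        "127.0.0.0/8, hash:/etc/postfix/extra_nets",
    ]
    for value in samples:
        trusted, unresolved = relay_trusted(SNAT_IP, value)
        verdict = "OPEN RELAY RISK" if trusted else "not trusted"
        print(f"{value!r}: {verdict}; check by hand: {unresolved}")
```

If `mynetworks` is not set explicitly, Postfix derives the trusted list from `mynetworks_style`, so run the check against the value `postconf` actually reports rather than against `main.cf` alone.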
