> -----Original Message----- > From: Davide Ferrari [mailto:[email protected]] > Sent: Wednesday, April 15, 2009 5:38 AM > To: Shorewall Users > Subject: Re: [Shorewall-users] How to mask the internal ip of my mail > server > > On Tuesday 14 April 2009 22:12:27 Support CETEMMSA wrote: > > Virtual Mail Server > > ETH0: 192.168.10.24 > > GW: 192.168.10.1 > > > > Shorewall Firewall > > ETH0: 192.168.10.1 > > ETH1: 212.31.41.116 (IP ALIAS) and 212.31.41.88 > > > > When my mail server try to delivery an email to any external mail > server > > (hotmail, gmail, ...) this external mail server watch the internal IP > and > > refuse the mail because this is an internal IP. I need that the > external > > server watch the IP 212.31.41.116 instead of 192.168.10.24. I use > DNAT for > > any comupter watch the port 80, 25 and 110 from internet (using the > > 212.31.41.116 IP ADDRESS). > > Mmmh sorry but I don't think that you are experiencing problems with > externals > MTAs due to NAT, because your internal MTA is sending mails from a > public IP > address (I guess 212.31.41.88 which maybe is your default IP?), cause > otherwise it wouldn't simply work: remote MTA would have no chance to > communicate with a reserved private address as 192.168.10.24 is. > > Anyway, maybe what you're looking for is to edit /etc/shorewall/nat and > put > something like this: > > 212.31.41.116 eth0:0 192.168.10.24 yes > > which will NAT all the traffic from 192.168.10.24 to appear externally > as being > from 212.31.41.116, assuming eth0:0 is the alias you want. > Obviously you have to open the communication with the correct rule in > /etc/shorewall/rules > > HTH > (and if I'm saying nonsenses, list please correct me, thanks :) > > -- > Davide Ferrari > Atrapalo.com System Administrator >
couple of things: Is real-world DNS resolving your external address, and does it hold an MX record? proxy-arp in this type of basic dual-nic mail server setup worked well for me. May want to read up on that. -C ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
