> -----Original Message-----
> From: Christopher Barry [mailto:[email protected]]
> Sent: Wednesday, April 15, 2009 9:19 AM
> To: Shorewall Users
> Subject: Re: [Shorewall-users] How to mask the internal ip of my mail server
>
> > -----Original Message-----
> > From: Davide Ferrari [mailto:[email protected]]
> > Sent: Wednesday, April 15, 2009 5:38 AM
> > To: Shorewall Users
> > Subject: Re: [Shorewall-users] How to mask the internal ip of my mail server
> >
> > On Tuesday 14 April 2009 22:12:27 Support CETEMMSA wrote:
> > > Virtual Mail Server
> > > ETH0: 192.168.10.24
> > > GW: 192.168.10.1
> > >
> > > Shorewall Firewall
> > > ETH0: 192.168.10.1
> > > ETH1: 212.31.41.116 (IP ALIAS) and 212.31.41.88
> > >
> > > When my mail server try to delivery an email to any external mail server
> > > (hotmail, gmail, ...) this external mail server watch the internal IP and
> > > refuse the mail because this is an internal IP. I need that the external
> > > server watch the IP 212.31.41.116 instead of 192.168.10.24. I use DNAT for
> > > any computer watch the port 80, 25 and 110 from internet (using the
> > > 212.31.41.116 IP ADDRESS).
> >
> > Mmmh sorry but I don't think that you are experiencing problems with external
> > MTAs due to NAT, because your internal MTA is sending mails from a public IP
> > address (I guess 212.31.41.88 which maybe is your default IP?), cause
> > otherwise it wouldn't simply work: remote MTA would have no chance to
> > communicate with a reserved private address as 192.168.10.24 is.
> >
> > Anyway, maybe what you're looking for is to edit /etc/shorewall/nat and put
> > something like this:
> >
> > 212.31.41.116 eth0:0 192.168.10.24 yes
> >
> > which will NAT all the traffic from 192.168.10.24 to appear externally as being
> > from 212.31.41.116, assuming eth0:0 is the alias you want.
> > Obviously you have to open the communication with the correct rule in
> > /etc/shorewall/rules
> >
> > HTH
> > (and if I'm saying nonsenses, list please correct me, thanks :)
> >
> > --
> > Davide Ferrari
> > Atrapalo.com System Administrator
>
> couple of things:
>
> Is real-world DNS resolving your external address, and does it hold an
> MX record?
>
> proxy-arp in this type of basic dual-nic mail server setup worked well
> for me. May want to read up on that.
>
>
> -C

ok verified #1 - that looks cool. someone else mentioned a config param in your MTA to tell it what its IP is. That's probably the easiest thing. did you say what MTA you were using?

good luck,
-C
