On 1/3/11 12:03 AM, Harry Lachanas wrote:
> I have site A and site B both running shorewall and are connected to
> each other via VPN
>
> Site A runs a Mail server that I wish to move temporarily to B and
> configure shorewall to DNAT smtp connections on A -> B through VPN.
>
> DNAT operates correctly and sends the smtp connection to B with no problem
>
> On B however
>
> shorewall complains ( Correctly in my opinion ) about Martian source
> since it receives smtp connection from the net while the default route
> on the firewall is not the VPN interface .... ( tun )

Actually, your kernel complains -- Shorewall may have configured it to
do so, however.

>
> Any thoughts on how to overcome this ???
>

Three ideas:

a) Update your MX record to point to B.
b) Configure multi-ISP on system B so that it has multiple default routes.
c) SNAT the forwarded traffic. I don't recommend this one for a mail
   server, though, since you lose the true identity of the sending host.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
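
Added example, not part of the original thread: a small model of the strict reverse-path check that rejects the DNATed connections on B, and of why option (c) passes that check while hiding the sending host. It assumes the complaint comes from the kernel's reverse-path filter; the routing table, interface names and addresses are constructed.

```python
import ipaddress

# Constructed routing table for site B; interface names and prefixes are assumptions.
ROUTES_B = [
    ("192.168.2.0/24", "eth1"),  # B's LAN
    ("10.8.0.0/24", "tun0"),     # VPN transfer network between A and B
    ("0.0.0.0/0", "eth0"),       # B's default route, which is not the VPN
]

def route_dev(routes, addr):
    """Longest-prefix match: the interface B would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in routes]
    matches = [(n, dev) for n, dev in nets if ip in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def strict_rpf_ok(routes, src, in_dev):
    """Strict reverse-path check: the route back to src must leave via in_dev."""
    return route_dev(routes, src) == in_dev

def snat(packet, to_addr):
    """What A does under option (c): rewrite the source before the VPN hop."""
    return {**packet, "src": to_addr}

def seen_by_b(packets):
    """Return (source address, accepted) for each packet arriving at B."""
    return [(p["src"], strict_rpf_ok(ROUTES_B, p["src"], p["in_dev"]))
            for p in packets]

# Constructed SMTP connections, DNATed by A and arriving at B on the tunnel.
FORWARDED = [
    {"src": "198.51.100.7", "dport": 25, "in_dev": "tun0"},
    {"src": "203.0.113.40", "dport": 25, "in_dev": "tun0"},
]
A_VPN_ADDR = "10.8.0.1"  # assumed address of A's end of the tunnel

if __name__ == "__main__":
    # DNAT only: Internet sources arrive on tun0 but route back via eth0.
    print("DNAT only:  ", seen_by_b(FORWARDED))
    # DNAT + SNAT: accepted, but every sender now appears as A's VPN address.
    print("DNAT + SNAT:", seen_by_b([snat(p, A_VPN_ADDR) for p in FORWARDED]))
```

With SNAT applied, the mail server on B sees one source address for every connection, so per-sender checks and logs on B no longer distinguish the original hosts.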
