I had the same situation with a Linux firewall that I was configuring. After searching the net I found the solution was to include an entry in the iptables nat POSTROUTING chain that changed the source address of any internal access to the POP3 and SMTP ports of the mail server's private address to the firewall's private address.

Apparently, with my setup of Linux and IPTABLES, if an internal machine tries to get to the public address of the server, the destination address gets mapped to the private address of the mail server, and the source address stays as the private address. The mail server then responds directly to the internal client machine, but it is expecting to communicate with the public address of the mail server so ignores the response. The trick is to make the mail server talk to the firewall and the firewall will then pass the information back to the mail client.

Here's an extract of my iptables commands:

    iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -d 192.168.0.35 -p tcp -m tcp --dport 110 -j SNAT --to-source 192.168.0.1
    iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -d 192.168.0.35 -p tcp -m tcp --dport 25 -j SNAT --to-source 192.168.0.1

192.168.0.35 is my mail server address and 192.168.0.1 is my firewall address.

I have other entries that map POP and SMTP access on the firewall's public address to the server's private address.

Bill

>----------
>From: Jonas Hummelstrand[SMTP:[EMAIL PROTECTED]]
>Sent: Saturday, November 03, 2001 4:07 PM
>To: [EMAIL PROTECTED]
>Subject: [xmail] Avoiding changing account setup
>
> My gateway (public 217.215.74.165) portmaps the POP3 and SMTP ports to my XMail server (private 192.168.0.42). When I'm connected to the same LAN as the mail server, I can't reach it by using its domain name "mail.hummelstrand.com" since that is "next hop" (at least that is what my colleague said was the reason for me not being able to surf or reach any service on the server by using the domain name pointing to the public IP 217.215.74.165).
>
> I can POP locally from XMail if I set up the mail client on my laptop with the private IP for both POP3 and SMTP servers, but then I will have to change the settings every time I want to check my mail while I'm "on the outside", i.e. when I bring my laptop to work every day.
>
> The readme.txt mentions a number of examples of "home.bogus" domain, but I can't quite figure out if this applies to my problem.
>
> Thanks in advance, this was my third and hopefully final question...
>
> /Jonas Hummelstrand
>
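
The packet flow Bill describes can be traced with a small model. This is an added example, not part of the original thread and not real netfilter code; the public address, client address and client port are constructed, and the function names are hypothetical.

```python
# Toy model of hairpin NAT: DNAT on the firewall, with and without the SNAT rule.
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport")

PUBLIC_IP = "203.0.113.10"          # constructed public address of the firewall
FIREWALL_LAN = "192.168.0.1"        # firewall private address (from the rules above)
MAIL_SERVER = "192.168.0.35"        # mail server private address (from the rules above)
CLIENT = "192.168.0.77"             # constructed LAN client
LAN = ip_network("192.168.0.0/16")  # same range as -s 192.168.0.0/255.255.0.0
MAIL_PORTS = {25, 110}

def firewall_forward(pkt, snat_enabled):
    """DNAT public -> private, then optionally SNAT LAN sources to the firewall."""
    out = pkt
    if out.dst == PUBLIC_IP and out.dport in MAIL_PORTS:
        out = out._replace(dst=MAIL_SERVER)
    if (snat_enabled and ip_address(out.src) in LAN
            and out.dst == MAIL_SERVER and out.dport in MAIL_PORTS):
        out = out._replace(src=FIREWALL_LAN)
    return out

def reply_to(pkt):
    """The answer a host sends: addresses and ports swapped."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def connect(snat_enabled, port=110):
    """Return (client_accepts, reply_as_seen_by_client) for one connection attempt."""
    sent = Packet(CLIENT, 40000, PUBLIC_IP, port)
    reply = reply_to(firewall_forward(sent, snat_enabled))
    if reply.dst == FIREWALL_LAN:
        # Reply goes back through the firewall, which undoes both translations.
        reply = reply_to(sent)
    # Otherwise the server is on the client's subnet and answers it directly,
    # so the firewall never gets the chance to restore the public source address.
    return reply == reply_to(sent), reply

if __name__ == "__main__":
    for snat in (False, True):
        ok, reply = connect(snat)
        print(f"SNAT={snat}: reply from {reply.src}, client accepts: {ok}")
```

Without the SNAT rule the reply arrives from 192.168.0.35 rather than the public address the client connected to, so it matches no open connection on the client.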
