D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: crobison on December 07, 2009, 04:57:17 AM

Title: Nat issue with email server, sents emails through Firewall ip not email ip
Post by: crobison on December 07, 2009, 04:57:17 AM

I do not have the email server in the dmz, I have a static nat setup from a public ip 201.225.14.147 to private 192.168.0.69.  I receive and can send no problem, but the problem we have is that when I sent emails through the server it sends through the Firewall Ip 201.225.14.150.  Unfortunately some of these anti-spam devices see it as spam.  How can I get the emails to be sent out through the public ip 201.225.14.147?

Thanks...

Title: Re: Nat issue with email server, sents emails through Firewall ip not email ip
Post by: chechito on December 07, 2009, 09:36:09 AM

ON the NAT outbound IP rule, check the NAT options and select specify sender address, selecting the appropriated

Title: Re: Nat issue with email server, sents emails through Firewall ip not email ip
Post by: Fatman on December 07, 2009, 11:26:35 AM

The solution would be to use an "Allow" rule for your second rule.  If you are also using loopback on your port forward you will need to use a "FWD_Fast" for traffic coming from your LAN's second rule.

Title: Re: Nat issue with email server, sents emails through Firewall ip not email ip
Post by: crobison on December 08, 2009, 08:19:33 AM

Quote from: Fatman on December 07, 2009, 11:26:35 AM

The solution would be to use an "Allow" rule for your second rule.  If you are also using loopback on your port forward you will need to use a "FWD_Fast" for traffic coming from your LAN's second rule.

Basically I only have the SAT and Allow rule coming in
<IPRule Name="Incoming_ping" Action="Allow" SourceInterface="any" SourceNetwork="all-nets" DestinationInterface="wan" DestinationNetwork="InterfaceAddresses/wan_ip" Service="all_icmp" />
    <IPRule Name="Groupwise_remote" Action="SAT" SourceInterface="any" SourceNetwork="all-nets" DestinationInterface="any" DestinationNetwork="InterfaceAddresses/public_mail_ip" Service="all_services" SATTranslateToIP="InterfaceAddresses/mail_server_private_ip" />
    <IPRule Name="Groupwise_allow" Action="Allow" SourceInterface="any" SourceNetwork="all-nets" DestinationInterface="any" DestinationNetwork="InterfaceAddresses/public_mail_ip" Service="all_services" />
 
To fix the issue, from what I understand I would have to create a rule going out?

Title: Re: Nat issue with email server, sents emails through Firewall ip not email ip
Post by: Fatman on December 08, 2009, 09:27:44 AM

Change your destination interface on rule 1 to core.  Change your destination interface to WAN on rules 2 and 3 listed.  And add the following rule between your 2nd and 3rd rules.

Service: All-Services
Action: FWD_Fast
Source Interface: LAN
Source Network: LAN_Net
Destination Interface: WAN
Destination Network: public_mail_ip

Then create an outbound rule for your server before your existing outbound rules that specifies the correct public IP as the sender address for your mail servers traffic.  It will look something like the below.

Service: All-Services
Action: NAT
NAT_Sender_Address: mail_server_public_ip
Source Interface: LAN
Source Network: mail_server_private_ip
Destination Interface: WAN
Destination Network: all-nets

Turns out that chechito had read your original problem better than I had.