Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[jeepxo]

I've got 16 IP addresses from our ISP.
On the router I have x.x.x.181 setup as our outgoing and we have no problem getting access to the outside world.
Coming in I have figured out how to route traffic from the other IPs to the appropriate boxes.( mail comes in on .145, web traffic for this site comes in on 146, web traffic for another site on 147 etc)

I have a DNS entry for our mail server on .145 and a reverse dns for it on .145 however, it looks like when my mail server sends mail, it's connecting from .181

How do I set it so that traffic coming from internal 192.168.x.x (mail server) to appear to come from .145 instead of the routers address of .181?

[danilovav]

You can follow one from two ways

1) Make DMZ with transparent mode and set up your addresses on servers. In this case, you will have transparent control of server's traffic (like with NAT), but you will don't need to setup something special for each server.

2) You can use IP aliases and special NAT rules for each sever.

For this way, first, you should add IP alias (for each address)
- Add ARP publish on intreface WAN with additional IP address
- Add route into main - core <additional IP> 0

After, make special NAT rule before your "allow_standart" rule - lan/<internal IP> wan/all-nets instead of NAT rule. On "NAT" tab, check "Specify sender address" and input/select your IP for this server.

If you need symmetric NAT, make SAT/Allow rules lan/<internal IP> wan/all-nets, in SAT tule on "SAT" tab select "translate the source IP" and set <additional IP>. But i just found this way and didn't have time to fully test it.

For incoming connections, on SAT/Allow rules (make it as usual for port mapping) use core/<additional IP> in destination.


As for me, first way is more better (IMHO), especially if you use not only simple (one-connect) protols. For example, VoIP thru DFL's NAT working not so good as want