Couldn't you just add the domains that you are talking about to the
~control/smtproutes file?
domain:iptorouteto   is the format. 

You could do:
domain.com:192.168.0.23
(Which would force any mail delivered to domain.com to the private IP
address)?

Would that work?

--
Laurence Brockman
Unix Administrator
Videon Cablesystems Alberta Inc
10450-178 St.
Edmonton, AB
T5S 1S2
[EMAIL PROTECTED]
(780) 486-6527
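To show what the smtproutes suggestion above actually does inside qmail, here is an added illustration (not code from the thread or from the qmail distribution) of the lookup qmail-remote performs against ~control/smtproutes: the exact recipient domain is tried first, then each ".suffix" of it, then the empty default route. When a route with a non-empty relay matches, qmail-remote connects to that relay directly and never does the MX lookup, which is exactly the step that resolves to the public address behind the NAT in the original problem. The sample smtproutes content, the addresses and the lowercasing of the domain are constructed for this example; the port syntax (domain:relay:port) and the empty-relay meaning ("use normal MX delivery") follow qmail's documented format.

```python
"""Illustration of the ~control/smtproutes lookup as qmail-remote does it.

Added example; not part of the original posts or of qmail itself.
"""

# Constructed sample smtproutes file (not from any real host).
# One route per line:  domain:relay[:port]
#   - an empty domain (":relay") is the default route for everything else
#   - a domain starting with '.' matches subdomains only, not the bare name
#   - an empty relay ("partner.example:") means normal MX delivery
SAMPLE_SMTPROUTES = """\
domain.com:192.168.0.23
.domain.com:192.168.0.23:2525
partner.example:
:relay.example.net
"""

DEFAULT_SMTP_PORT = 25


def parse_smtproutes(text):
    """Map each route's domain key to its relay string (possibly empty).

    Blank lines are skipped here for convenience; that is this example's
    choice, qmail's control-file format has no comment syntax.
    """
    routes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        domain, _, relay = line.partition(":")
        routes[domain.lower()] = relay
    return routes


def route_for(host, routes):
    """Return (relay_host, port) for a recipient domain, or None.

    None means "no usable route: fall back to the MX lookup", which is
    what sends the NAT'd box to its own public address in the thread.
    Lowercasing the host is an assumption made for this illustration.
    """
    host = host.lower()
    # Candidate keys in qmail-remote's order: the exact host, then every
    # suffix that starts at a dot (".domain.com", ".com"), then "" (default).
    candidates = [host]
    for i, ch in enumerate(host):
        if ch == ".":
            candidates.append(host[i:])
    candidates.append("")

    for key in candidates:
        if key in routes:
            relay = routes[key]
            if relay == "":
                return None  # matched, but explicitly "use MX delivery"
            relay_host, _, port = relay.partition(":")
            return relay_host, (int(port) if port else DEFAULT_SMTP_PORT)
    return None


def describe_delivery(host, routes):
    """Human-readable summary of where qmail-remote would connect."""
    target = route_for(host, routes)
    if target is None:
        return f"{host}: MX lookup (risks hitting the public NAT address)"
    relay_host, port = target
    return f"{host}: smtproutes -> {relay_host} port {port}, no MX lookup"


if __name__ == "__main__":
    table = parse_smtproutes(SAMPLE_SMTPROUTES)
    for name in ("domain.com", "mail.domain.com", "partner.example",
                 "elsewhere.example"):
        print(describe_delivery(name, table))
```

With the sample file, mail for domain.com goes straight to 192.168.0.23 on port 25 and mail for mail.domain.com to the same host on port 2525, so the qmail box behind the firewall never asks DNS for its own public MX; partner.example still gets ordinary MX delivery, and everything else goes through the default relay.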


-----Original Message-----
From: MIS - Ben Murphy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 21, 2001 1:31 PM
To: Mailing List - Qmail (E-mail); Mailing Lists - Linux Masq (E-mail)
Subject: Qmail + NAT


Hi All,

Although the problems described below fall in both categories of
networking/firewalling & qmail, I posted here in the hope that someone
could cast a qmail perspective on this, in case there is an obvious way
around the problem.


Got an issue with NAT, maybe someone could advise...

I have two small networks both running Qmail.

The first...

...has a single Linux firewall. It has a bunch of IP addresses aliased on
the outside interface. Each of the IP addresses has a service assigned to
it, such as qmail-smtp or qmail-pop on ports 25 and 110 respectively, and
using ipmasqadm portfw, they are forwarded to the machines behind the
firewall.

The qmail box behind the firewall talks to the local DNS server on the
network and generally works fine. It receives mail, allows relaying for
users etc.

The second...

...has twin RedHat LVS clustering firewall/routers, which provide
clustering services to the network. In a similar fashion to the first
network, all IP addresses get bound to the current LVS router. This then
uses ipvs to forward the packets to the relevant internal hosts.


The problem arises when the qmail box attempts to forward mail to itself.
It does the DNS lookup and resolves the real Internet IP, which is bound
to the firewall or cluster router, which is correct. However, it is unable
to connect to the external IP, as it is behind the NAT firewall or cluster
router.

And unfortunately NAT in RH 6.2 (and others), it would appear, does not
allow a NAT'd box to effectively masquerade out of the NAT router, connect
to the NAT router's port 25, and then be forwarded back internally.


As such, I need a workaround. Anyone?


I have thought possibly these would be solutions, but none of them exactly
nice...

a) a qmail box outside the NAT would do the trick, and have all mail from
the NAT'd qmail box relay through there.
b) put a DNS server within the NAT'd network, and set all MX records to
the internal IP.
c) use the program 'redir' to re-forward the packets back, still using
ipmasqadm portfw as well.... (tried that, didn't work)


Any help would be appreciated.


Thanks,


Ben Murphy,
murphx Innovative Solutions
