I created a NAT rule that forwards all traffic on port 25 from the external IP 
address of xx.xx.xx.xx to the internal IP address of 10.10.30.xxx on port 25. 
My problem is that all workstations on the internal network 10.10.30.X resolve 
mail.domain.com to the external IP address and connect to port 25 there.

Using an external email client from a remote machine outside the network works 
without issues. All the clients on the internal network have to be configured 
to connect to the server directly, using the internal IP address of that 
server in the SMTP settings of their client. Any suggestions? 

Here is my running config file

    /* Routing: a single static default route (0.0.0.0/0) via XX.XX.XX.49,
       which lies in the same /29 as the eth0 addresses. */
    protocols {
        static {
            disable: false
            route 0.0.0.0/0 {
                next-hop: XX.XX.XX.49
                metric: 1
            }
        }
    }
    /* No routing policy is defined. */
    policy {
    }
    /* Interface addressing. eth0 holds the two public addresses and is the
       interface named by every NAT rule under "service nat"; eth1 is the LAN
       gateway (10.10.30.254/24); eth2 is disabled and has no address. */
    interfaces {
        restore: false
        loopback lo {
            description: ""
            address 10.0.0.65 {
                prefix-length: 32
                disable: false
            }
        }
        /* Outside interface: XX.XX.XX.50 and XX.XX.XX.51 in a /29. Only .50
           appears as a destination address in the NAT rules of this config. */
        ethernet eth0 {
            disable: false
            discard: false
            description: ""
            hw-id: 00:04:23:9f:42:30
            duplex: "auto"
            speed: "auto"
            address XX.XX.XX.50 {
                prefix-length: 29
                disable: false
            }
            address XX.XX.XX.51 {
                prefix-length: 29
                disable: false
            }
        }
        /* Inside interface: 10.10.30.254/24, the default-router handed out by
           the DHCP server. Traffic from LAN clients enters the router here,
           not on eth0. */
        ethernet eth1 {
            disable: false
            discard: false
            description: ""
            hw-id: 00:04:23:9f:42:31
            duplex: "auto"
            speed: "auto"
            address 10.10.30.254 {
                prefix-length: 24
                disable: false
            }
        }
        /* Disabled, no address configured. */
        ethernet eth2 {
            disable: true
            discard: false
            description: ""
            hw-id: 00:0d:61:30:b2:30
            duplex: "auto"
            speed: "auto"
        }
    }
    /* Services run by the router: DHCP for the LAN, NAT (outbound masquerade
       plus inbound port forwards on eth0), SSH and the web GUI. */
    service {
        dhcp-server {
            shared-network-name lan1 {
                subnet 10.10.30.0/24 {
                    /* The dynamic range spans 10.10.30.1-10.10.30.254, which
                       includes every static mapping below and the router's
                       own eth1 address (10.10.30.254).
                       NOTE(review): confirm the server never leases those
                       addresses dynamically, or narrow the range. */
                    start 10.10.30.1 {
                        stop: 10.10.30.254
                    }
                    static-mapping btpwrk03 {
                        ip-address: 10.10.30.3
                        mac-address: 00:06:5B:2C:4A:DD
                    }
                    static-mapping btpwrk02 {
                        ip-address: 10.10.30.2
                        mac-address: 00:0C:76:9F:62:F1
                    }
                    static-mapping btpwrk04 {
                        ip-address: 10.10.30.4
                        mac-address: 00:08:74:f6:06:80
                    }
                    static-mapping btpwrk05 {
                        ip-address: 10.10.30.5
                        mac-address: 00:0c:29:0a:89:5b
                    }
                    static-mapping btpwrk01 {
                        ip-address: 10.10.30.1
                        mac-address: 00:d0:b7:13:ce:de
                    }
                    static-mapping btpsrv01 {
                        ip-address: 10.10.30.240
                        mac-address: 00:05:8D:F7:77:9D
                    }
                    /* btpweb01 and btpweb02 carry the same MAC address but
                       different IP addresses. NOTE(review): one of the two
                       entries is presumably a copy-paste slip; verify which
                       host owns 00:0C:29:B2:7F:2D. */
                    static-mapping btpweb01 {
                        ip-address: 10.10.30.251
                        mac-address: 00:0C:29:B2:7F:2D
                    }
                    static-mapping btpweb02 {
                        ip-address: 10.10.30.252
                        mac-address: 00:0C:29:B2:7F:2D
                    }
                    static-mapping btpwrk00 {
                        ip-address: 10.10.30.100
                        mac-address: 00:15:C5:45:F2:85
                    }
                    client-prefix-length: 24
                    /* Clients are given resolvers outside the 10.10.30.0/24
                       LAN, consistent with the post's report that LAN clients
                       resolve mail.domain.com to the external address. */
                    dns-server 65.17.91.254
                    dns-server 65.16.215.254
                    default-router: 10.10.30.254
                    lease: 86400
                    domain-name: "internal.domain.local"
                    authoritative: "disable"
                }
            }
        }
        nat {
            /* Rules 1-3: masquerade traffic leaving eth0 for three source
               networks. No interface in this config has an address in
               10.10.40.0/24 (rule 3). */
            rule 1 {
                type: "masquerade"
                outbound-interface: "eth0"
                source {
                    network: "XX.XX.XX.48/29"
                }
            }
            rule 2 {
                type: "masquerade"
                outbound-interface: "eth0"
                source {
                    network: "10.10.30.0/24"
                }
            }
            rule 3 {
                type: "masquerade"
                outbound-interface: "eth0"
                source {
                    network: "10.10.40.0/24"
                }
            }
            /* Rules 10-11: tcp/3390 and tcp/3391 on XX.XX.XX.50 are forwarded
               to port 3389 (conventionally RDP) on 10.10.30.240 and
               10.10.30.251. The source is 0.0.0.0/0, i.e. any host, and the
               firewall section of this config defines no rule sets.
               NOTE(review): restrict the source network or move remote
               desktop access behind a VPN. */
            rule 10 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 3390
                }
                inside-address {
                    address: 10.10.30.240
                    port-number: 3389
                }
            }
            rule 11 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 3391
                }
                inside-address {
                    address: 10.10.30.251
                    port-number: 3389
                }
            }
            /* Rules 52-56: tcp/5052-5056 on XX.XX.XX.50 are forwarded to port
               5900 (conventionally VNC) on four workstations and on
               10.10.30.240, again from any source. Moving the service to a
               non-standard external port does not limit who can reach it.
               NOTE(review): same recommendation as for rules 10-11. */
            rule 52 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 5052
                }
                inside-address {
                    address: 10.10.30.2
                    port-number: 5900
                }
            }
            rule 53 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 5053
                }
                inside-address {
                    address: 10.10.30.3
                    port-number: 5900
                }
            }
            rule 54 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 5054
                }
                inside-address {
                    address: 10.10.30.4
                    port-number: 5900
                }
            }
            rule 55 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 5055
                }
                inside-address {
                    address: 10.10.30.5
                    port-number: 5900
                }
            }
            rule 56 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 5056
                }
                inside-address {
                    address: 10.10.30.240
                    port-number: 5900
                }
            }
            /* Rule 80, the SMTP forward: tcp/25 on XX.XX.XX.50 ->
               10.10.30.251:25. Unlike the other destination rules it has no
               source block. It matches only packets arriving on eth0, so a
               LAN client that resolves mail.domain.com to XX.XX.XX.50 enters
               on eth1 and is not translated by this rule -- presumably the
               cause of the problem described in the post.
               NOTE(review): the usual remedies are an internal DNS record
               pointing at 10.10.30.251, or a second destination rule for
               eth1 paired with source NAT so that replies return through the
               router; confirm which of these this release supports. */
            rule 80 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                destination {
                    address: "XX.XX.XX.50"
                    port-number 25
                }
                inside-address {
                    address: 10.10.30.251
                    port-number: 25
                }
            }
            /* Rules 81-83: tcp/110, tcp/995 and tcp/465 forwarded unchanged to
               10.10.30.251 from any source. Port 110 is conventionally
               cleartext POP3, so credentials may cross the Internet
               unencrypted. NOTE(review): confirm whether 110 still needs to
               be exposed alongside 995. */
            rule 81 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 110
                }
                inside-address {
                    address: 10.10.30.251
                    port-number: 110
                }
            }
            rule 82 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 995
                }
                inside-address {
                    address: 10.10.30.251
                    port-number: 995
                }
            }
            rule 83 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 465
                }
                inside-address {
                    address: 10.10.30.251
                    port-number: 465
                }
            }
            /* Rule 84 forwards udp/25. SMTP runs over TCP, so this forward is
               presumably unnecessary. NOTE(review): remove it unless a UDP
               service is known to listen on 10.10.30.251:25. */
            rule 84 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "udp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 25
                }
                inside-address {
                    address: 10.10.30.251
                    port-number: 25
                }
            }
            /* Rule 90: tcp/32000 forwarded unchanged to 10.10.30.251 from any
               source. The config does not say which service this is.
               NOTE(review): document it and restrict the source if it is an
               administrative interface. */
            rule 90 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "tcp"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "XX.XX.XX.50"
                    port-number 32000
                }
                inside-address {
                    address: 10.10.30.251
                    port-number: 32000
                }
            }
        }
        /* Management services. Nothing in this config binds them to a
           particular interface or filters access to them.
           NOTE(review): confirm that SSH and the web GUI (including
           plain-HTTP port 80) are not reachable on the eth0 addresses. */
        ssh {
            port: 22
            protocol-version: "v2"
        }
        webgui {
            http-port: 80
            https-port: 443
        }
    }
    /* Global firewall toggles only: martian logging and SYN cookies are on;
       ICMP redirects (send and receive), IP source routing and replies to
       broadcast ping are off. No rule sets are defined here and none are
       applied to any interface in this config, so the port forwards under
       "service nat" are not filtered by the router. */
    firewall {
        log-martians: "enable"
        send-redirects: "disable"
        receive-redirects: "disable"
        ip-src-route: "disable"
        broadcast-ping: "disable"
        syn-cookies: "enable"
    }
    /* Host identity, resolver, time settings, local accounts and the package
       repository. */
    system {
        host-name: "btpmfg-r1"
        domain-name: "domain.com"
        name-server 65.17.91.254
        time-zone: "Chicago"
        ntp-server "69.59.150.135"
        login {
            /* Both accounts carry the identical encrypted-password string, so
               they share one password. The "$1$" prefix marks MD5-crypt and
               the salt field between the second and third "$" is empty.
               Because the hash appears in a public mailing-list post, both
               passwords should be treated as exposed and changed.
               NOTE(review): an unsalted hash shared by root and vyatta looks
               like a value left over from installation rather than a
               site-chosen password -- confirm and replace. */
            user root {
                full-name: ""
                authentication {
                    encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
                }
            }
            user vyatta {
                full-name: ""
                authentication {
                    encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
                }
            }
        }
        /* The repository URL uses plain http. NOTE(review): confirm that
           package signatures are verified, since the transport itself gives
           no integrity protection. The trailing ";" after the url value looks
           like an artefact of how the list archive rendered the link. */
        package {
            auto-sync: 1
            repository community {
                component: "main"
                url: "http://archive.vyatta.com/vyatta";
            }
        }
    }