You have a few options. 1. Create an internal domain server that'll resolve the addresses to an internal address (I have an internal DNS for this reason, among others). 2. Set up a different name for the server, and add that to the DNS (e.g., companymail.domain.com) 3. Create a hosts entry on each system to map the local address (only reasonable if you don't have a huge number of systems, of course).
On Nov 7, 2007 3:12 PM, David Marrow Jr <[EMAIL PROTECTED]> wrote: > I created a NAT Rule that forwards all traffic on port 25 from the external > ip address of xx.xx.xx.xx to the internal ip address of 10.10.30.xxx on port > 25. My problem is that all workstations on the internal network 10.10.30.X > connect resolve mail.domain.com to port 25 on the external ip address. > > Using a external email client out side the network from a remote client > works with out issues. All the clients on the internal network have to be > configures to connect to the server directly by using the internal ip > addresss for that server in the smtp settings on their client. Any > suggestions? > > Here is my running config file > > protocols { > static { > disable: false > route 0.0.0.0/0 { > next-hop: XX.XX.XX.49 > metric: 1 > } > } > } > policy { > } > interfaces { > restore: false > loopback lo { > description: "" > address 10.0.0.65 { > prefix-length: 32 > disable: false > } > } > ethernet eth0 { > disable: false > discard: false > description: "" > hw-id: 00:04:23:9f:42:30 > duplex: "auto" > speed: "auto" > address XX.XX.XX.50 { > prefix-length: 29 > disable: false > } > address XX.XX.XX.51 { > prefix-length: 29 > disable: false > } > } > ethernet eth1 { > disable: false > discard: false > description: "" > hw-id: 00:04:23:9f:42:31 > duplex: "auto" > speed: "auto" > address 10.10.30.254 { > prefix-length: 24 > disable: false > } > } > ethernet eth2 { > disable: true > discard: false > description: "" > hw-id: 00:0d:61:30:b2:30 > duplex: "auto" > speed: "auto" > } > } > service { > dhcp-server { > shared-network-name lan1 { > subnet 10.10.30.0/24 { > start 10.10.30.1 { > stop: 10.10.30.254 > } > static-mapping btpwrk03 { > ip-address: 10.10.30.3 > mac-address: 00:06:5B:2C:4A:DD > } > static-mapping btpwrk02 { > ip-address: 10.10.30.2 > mac-address: 00:0C:76:9F:62:F1 > } > static-mapping btpwrk04 { > ip-address: 10.10.30.4 > mac-address: 00:08:74:f6:06:80 > } > static-mapping btpwrk05 { > ip-address: 10.10.30.5 > mac-address: 00:0c:29:0a:89:5b > } > static-mapping btpwrk01 { > ip-address: 10.10.30.1 > mac-address: 00:d0:b7:13:ce:de > } > static-mapping btpsrv01 { > ip-address: 10.10.30.240 > mac-address: 00:05:8D:F7:77:9D > } > static-mapping btpweb01 { > ip-address: 10.10.30.251 > mac-address: 00:0C:29:B2:7F:2D > } > static-mapping btpweb02 { > ip-address: 10.10.30.252 > mac-address: 00:0C:29:B2:7F:2D > } > static-mapping btpwrk00 { > ip-address: 10.10.30.100 > mac-address: 00:15:C5:45:F2:85 > } > client-prefix-length: 24 > dns-server 65.17.91.254 > dns-server 65.16.215.254 > default-router: 10.10.30.254 > lease: 86400 > domain-name: "internal.domain.local" > authoritative: "disable" > } > } > } > nat { > rule 1 { > type: "masquerade" > outbound-interface: "eth0" > source { > network: "XX.XX.XX.48/29" > } > } > rule 2 { > type: "masquerade" > outbound-interface: "eth0" > source { > network: "10.10.30.0/24" > } > } > rule 3 { > type: "masquerade" > outbound-interface: "eth0" > source { > network: "10.10.40.0/24" > } > } > rule 10 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 3390 > } > inside-address { > address: 10.10.30.240 > port-number: 3389 > } > } > rule 11 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 3391 > } > inside-address { > address: 10.10.30.251 > port-number: 3389 > } > } > rule 52 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 5052 > } > inside-address { > address: 10.10.30.2 > port-number: 5900 > } > } > rule 53 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 5053 > } > inside-address { > address: 10.10.30.3 > port-number: 5900 > } > } > rule 54 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 5054 > } > inside-address { > address: 10.10.30.4 > port-number: 5900 > } > } > rule 55 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 5055 > } > inside-address { > address: 10.10.30.5 > port-number: 5900 > } > } > rule 56 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 5056 > } > inside-address { > address: 10.10.30.240 > port-number: 5900 > } > } > rule 80 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > destination { > address: "XX.XX.XX.50" > port-number 25 > } > inside-address { > address: 10.10.30.251 > port-number: 25 > } > } > rule 81 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 110 > } > inside-address { > address: 10.10.30.251 > port-number: 110 > } > } > rule 82 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 995 > } > inside-address { > address: 10.10.30.251 > port-number: 995 > } > } > rule 83 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 465 > } > inside-address { > address: 10.10.30.251 > port-number: 465 > } > } > rule 84 { > type: "destination" > inbound-interface: "eth0" > protocols: "udp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 25 > } > inside-address { > address: 10.10.30.251 > port-number: 25 > } > } > rule 90 { > type: "destination" > inbound-interface: "eth0" > protocols: "tcp" > source { > network: "0.0.0.0/0" > } > destination { > address: "XX.XX.XX.50" > port-number 32000 > } > inside-address { > address: 10.10.30.251 > port-number: 32000 > } > } > } > ssh { > port: 22 > protocol-version: "v2" > } > webgui { > http-port: 80 > https-port: 443 > } > } > firewall { > log-martians: "enable" > send-redirects: "disable" > receive-redirects: "disable" > ip-src-route: "disable" > broadcast-ping: "disable" > syn-cookies: "enable" > } > system { > host-name: "btpmfg-r1" > domain-name: "domain.com" > name-server 65.17.91.254 > time-zone: "Chicago" > ntp-server "69.59.150.135" > login { > user root { > full-name: "" > authentication { > encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." > } > } > user vyatta { > full-name: "" > authentication { > encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." > } > } > } > package { > auto-sync: 1 > repository community { > component: "main" > url: "http://archive.vyatta.com/vyatta" > } > } > } > > _______________________________________________ > Vyatta-users mailing list > Vyatta-users@mailman.vyatta.com > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users