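You have a few options. The destination NAT rule for port 25 in your config only matches traffic arriving on eth0, so connections from the internal network to the external address are never translated; the fixes below all make the internal clients reach the server by its internal address instead.
1. Set up an internal DNS server that resolves the name to the internal address (I have an internal DNS for this reason, among others).
2. Set up a different name for the server, and add that to the DNS (e.g., companymail.domain.com).
3. Create a hosts entry on each system to map the name to the local address (only reasonable if you don't have a huge number of systems, of course).
Side note: the config you posted includes the encrypted-password hashes for the root and vyatta users, so change both passwords now that they are on a public list.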
On Nov 7, 2007 3:12 PM, David Marrow Jr <[EMAIL PROTECTED]> wrote:
> I created a NAT Rule that forwards all traffic on port 25 from the external
> ip address of xx.xx.xx.xx to the internal ip address of 10.10.30.xxx on port
> 25. My problem is that all workstations on the internal network 10.10.30.X
> resolve mail.domain.com to the external ip address and try to connect to port 25 there.
>
> Using an external email client from a remote machine outside the network
> works without issues. All the clients on the internal network have to be
> configured to connect to the server directly by using the internal ip
> address for that server in the smtp settings on their client. Any
> suggestions?
>
> Here is my running config file
>
> protocols {
> static {
> disable: false
> route 0.0.0.0/0 {
> next-hop: XX.XX.XX.49
> metric: 1
> }
> }
> }
> policy {
> }
> interfaces {
> restore: false
> loopback lo {
> description: ""
> address 10.0.0.65 {
> prefix-length: 32
> disable: false
> }
> }
> ethernet eth0 {
> disable: false
> discard: false
> description: ""
> hw-id: 00:04:23:9f:42:30
> duplex: "auto"
> speed: "auto"
> address XX.XX.XX.50 {
> prefix-length: 29
> disable: false
> }
> address XX.XX.XX.51 {
> prefix-length: 29
> disable: false
> }
> }
> ethernet eth1 {
> disable: false
> discard: false
> description: ""
> hw-id: 00:04:23:9f:42:31
> duplex: "auto"
> speed: "auto"
> address 10.10.30.254 {
> prefix-length: 24
> disable: false
> }
> }
> ethernet eth2 {
> disable: true
> discard: false
> description: ""
> hw-id: 00:0d:61:30:b2:30
> duplex: "auto"
> speed: "auto"
> }
> }
> service {
> dhcp-server {
> shared-network-name lan1 {
> subnet 10.10.30.0/24 {
> start 10.10.30.1 {
> stop: 10.10.30.254
> }
> static-mapping btpwrk03 {
> ip-address: 10.10.30.3
> mac-address: 00:06:5B:2C:4A:DD
> }
> static-mapping btpwrk02 {
> ip-address: 10.10.30.2
> mac-address: 00:0C:76:9F:62:F1
> }
> static-mapping btpwrk04 {
> ip-address: 10.10.30.4
> mac-address: 00:08:74:f6:06:80
> }
> static-mapping btpwrk05 {
> ip-address: 10.10.30.5
> mac-address: 00:0c:29:0a:89:5b
> }
> static-mapping btpwrk01 {
> ip-address: 10.10.30.1
> mac-address: 00:d0:b7:13:ce:de
> }
> static-mapping btpsrv01 {
> ip-address: 10.10.30.240
> mac-address: 00:05:8D:F7:77:9D
> }
> static-mapping btpweb01 {
> ip-address: 10.10.30.251
> mac-address: 00:0C:29:B2:7F:2D
> }
> static-mapping btpweb02 {
> ip-address: 10.10.30.252
> mac-address: 00:0C:29:B2:7F:2D
> }
> static-mapping btpwrk00 {
> ip-address: 10.10.30.100
> mac-address: 00:15:C5:45:F2:85
> }
> client-prefix-length: 24
> dns-server 65.17.91.254
> dns-server 65.16.215.254
> default-router: 10.10.30.254
> lease: 86400
> domain-name: "internal.domain.local"
> authoritative: "disable"
> }
> }
> }
> nat {
> rule 1 {
> type: "masquerade"
> outbound-interface: "eth0"
> source {
> network: "XX.XX.XX.48/29"
> }
> }
> rule 2 {
> type: "masquerade"
> outbound-interface: "eth0"
> source {
> network: "10.10.30.0/24"
> }
> }
> rule 3 {
> type: "masquerade"
> outbound-interface: "eth0"
> source {
> network: "10.10.40.0/24"
> }
> }
> rule 10 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 3390
> }
> inside-address {
> address: 10.10.30.240
> port-number: 3389
> }
> }
> rule 11 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 3391
> }
> inside-address {
> address: 10.10.30.251
> port-number: 3389
> }
> }
> rule 52 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 5052
> }
> inside-address {
> address: 10.10.30.2
> port-number: 5900
> }
> }
> rule 53 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 5053
> }
> inside-address {
> address: 10.10.30.3
> port-number: 5900
> }
> }
> rule 54 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 5054
> }
> inside-address {
> address: 10.10.30.4
> port-number: 5900
> }
> }
> rule 55 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 5055
> }
> inside-address {
> address: 10.10.30.5
> port-number: 5900
> }
> }
> rule 56 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 5056
> }
> inside-address {
> address: 10.10.30.240
> port-number: 5900
> }
> }
> rule 80 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> destination {
> address: "XX.XX.XX.50"
> port-number 25
> }
> inside-address {
> address: 10.10.30.251
> port-number: 25
> }
> }
> rule 81 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 110
> }
> inside-address {
> address: 10.10.30.251
> port-number: 110
> }
> }
> rule 82 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 995
> }
> inside-address {
> address: 10.10.30.251
> port-number: 995
> }
> }
> rule 83 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 465
> }
> inside-address {
> address: 10.10.30.251
> port-number: 465
> }
> }
> rule 84 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "udp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 25
> }
> inside-address {
> address: 10.10.30.251
> port-number: 25
> }
> }
> rule 90 {
> type: "destination"
> inbound-interface: "eth0"
> protocols: "tcp"
> source {
> network: "0.0.0.0/0"
> }
> destination {
> address: "XX.XX.XX.50"
> port-number 32000
> }
> inside-address {
> address: 10.10.30.251
> port-number: 32000
> }
> }
> }
> ssh {
> port: 22
> protocol-version: "v2"
> }
> webgui {
> http-port: 80
> https-port: 443
> }
> }
> firewall {
> log-martians: "enable"
> send-redirects: "disable"
> receive-redirects: "disable"
> ip-src-route: "disable"
> broadcast-ping: "disable"
> syn-cookies: "enable"
> }
> system {
> host-name: "btpmfg-r1"
> domain-name: "domain.com"
> name-server 65.17.91.254
> time-zone: "Chicago"
> ntp-server "69.59.150.135"
> login {
> user root {
> full-name: ""
> authentication {
> encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
> }
> }
> user vyatta {
> full-name: ""
> authentication {
> encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
> }
> }
> }
> package {
> auto-sync: 1
> repository community {
> component: "main"
> url: "http://archive.vyatta.com/vyatta"
> }
> }
> }
>