Hi!
I have an interesting problem. My mail server is on unit 192.168.0.7 and I want to do reverse lookups on the "sorbs" database, however the mail server sees all connections from 192.168.0.1 (Wingate).
So I got rid of my proxy SMTP incoming mapping on port 25 and set up a NAT port redirect in ENS instead. I retained my proxy outgoing mapping to our ISP's mailserver accepting connections from 192.168.0.1 and out on the external interface. All is fine here, but the mail server still sees all connections from 192.168.0.1 so I will not be able to use the reverse lookup feature of my mail server this way either.
But wait!!... I toggled the "Don't translate source IP" and bingo... the mail server logs show connections from the actual IP of the external mail server. The problem is is they connect and disconnect imediately and I receive no mail. (If I uncheck the settings the mail comes thruogh when the external mail server retries.) I have no setting in my mail server to accept from 192.168.0.1 only so I'm left to assume I'm replying as 192.168.0.1 externally or some such thing.
Someone suggested this was "SNAT" but I'm not really up on that (Hey, that rhymes).
Any ideas on how I can achieve this would be appreciated.
Thanks,
Bob
Nat "Don't Translate Source IP"
Moderator: Qbik Staff
5 posts
• Page 1 of 1
Nat "Don't Translate Source IP"
by rleidt » Dec 12 03 7:49 am
- rleidt
- Posts: 4
- Joined: Dec 12 03 7:26 am
- Location: Canada
by genie » Dec 12 03 9:11 am
By default Wingate NAT does the translation of the source address to allow computers whose default gateway is not Wingate machine to communicate with inbound machines. However, under normal circumstances flag "Do not translate source" should be set in order to allow the requested machine see the real source IP of the caller.
- genie
- Qbik Staff
- Posts: 1788
- Joined: Sep 30 03 10:29 am
by rleidt » Dec 12 03 9:37 am
Yes, I can see that happening. With the "do not translate" checked I clearly see the IP address of the external mail server both in the logs of the fileserver on 192.168.0.7 and in real time, but the connection time at the mail server is zero seconds and the external mail server seems to be dropped.
The log file says the remote mail server is doing the disconnect. It must not like what it sees.
I do get mail with the option unchecked, but I need the external mail servers address to do a reverse lookup from unit 192.168.0.7 that hosts our mail server.
I guess your answer is really not telling me anything I didn't already know but it fails to explain why it dosn't work or how to get the results I need. Could you please take a closer look at my original post? I think I'm doing exactly what you say, but it dosn't work. Am I missing a step?
Thanks.
Bob
The log file says the remote mail server is doing the disconnect. It must not like what it sees.
I do get mail with the option unchecked, but I need the external mail servers address to do a reverse lookup from unit 192.168.0.7 that hosts our mail server.
I guess your answer is really not telling me anything I didn't already know but it fails to explain why it dosn't work or how to get the results I need. Could you please take a closer look at my original post? I think I'm doing exactly what you say, but it dosn't work. Am I missing a step?
Thanks.
Bob
- rleidt
- Posts: 4
- Joined: Dec 12 03 7:26 am
- Location: Canada
by adrien » Dec 12 03 2:37 pm
The main reason for this sort of behaviour would be if your internal mail server on 192.168.4.7 did not use the WinGate machine as its default gateway.
In such cases, when setting up the TCP connection, the first (SYN) packet would come in from the internet to your mail server, which would start to set up a connection, but the response (SYN ACK) back from your mail server if it went back through a different internet gateway, would then have the wrong source IP, and be ignored by the other end breaking the connection.
Adrien
In such cases, when setting up the TCP connection, the first (SYN) packet would come in from the internet to your mail server, which would start to set up a connection, but the response (SYN ACK) back from your mail server if it went back through a different internet gateway, would then have the wrong source IP, and be ignored by the other end breaking the connection.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by rleidt » Dec 13 03 3:05 am
Adrien,
Bingo! The default gateway was blank. I filled it in on the 192.168.0.7 unit (WindowsXP) and it works!
Actually, when I read back, the answer was hidden in "genie"'s reply but I thought the DHCP Service set the default gateway and didn't question it.
Thanks sooo much. Great support!!
-Bob
Bingo! The default gateway was blank. I filled it in on the 192.168.0.7 unit (WindowsXP) and it works!
Actually, when I read back, the answer was hidden in "genie"'s reply but I thought the DHCP Service set the default gateway and didn't question it.
Thanks sooo much. Great support!!
-Bob
- rleidt
- Posts: 4
- Joined: Dec 12 03 7:26 am
- Location: Canada
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests