Routing Mail


This topic contains 2 replies, has 0 voices, and was last updated by  kenadak 6 years, 9 months ago.

  • #40520

    kenadak
    Member

    I think I just found a VERY bad problem! I hope this is a simple mistake; but, when I use Virtual Server to route port 25 to my Mail Server, the ZeroShell Router Masquerades the Inbound traffic as its own! I need the router to Forward the unmodified IP Address to the Mailserver so that it knows NOT to Relay mail from the outside world! (I just had to delete > 150k Spam messages that my Mail server was happily forwarding, along with putting my IP address on the blacklist of most major ISPs!)

    So is it possible to set up a forwarding rule?

    I have a set of rules in the firewall section to distinguish between internal and external but with this adding the MASQUERADE rule.

    #45047

    imported_fulvio
    Participant

    I am sorry for the inconvenience, but when I had the idea to enable the MASQUERADE for the packets to be forwarded to a real server, I did it because I wanted the port forwarding to also work fine when the clients are in the same IP subnet as the real servers. Now I understand this is not a good idea and I am going to remove this automatic setting in the next release.
    At the moment you could add the following line in the file /etc/rc.local:

    iptables -t nat -D POSTROUTING -j SNATVS

    and then reboot the router.

    Regards
    Fulvio

    #45048

    kenadak
    Member

    I do appreciate the response. Luckily I had the clients in a range from 1-128 and the server was above that, so I just sub-netted the Mail server so that his “local network” didn’t include the router. This fixed it for this client, but having the masquerade turned off for incoming packets would be good.

    #45049

    deltree
    Member

    Hi,
    I’m running a beta 16, and I have the same problem. I’ve set a rule for port forwarding to my mail server and the source address is translated…

    I’ve tried to put
    iptables -t nat -D POSTROUTING -j SNATVS
    in rc.local but I still have the problem…

    Any idea ?

    Thanks

    SOLVED : I had put my LAN interface (ETH08) in “NAT Enabled Interfaces” … lol
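
Both causes reported in this thread (the automatic SNATVS jump, and a LAN interface listed under "NAT Enabled Interfaces") appear as POSTROUTING rules in the nat table. The shell function below is an added example, not part of the original posts and not ZeroShell's own code; it scans `iptables-save -t nat` output for such rules. The interface names `lan0` and `wan0`, the server address and both sample dumps are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a nat-table dump for rules that rewrite the source
# address of traffic forwarded to an internal server (e.g. a mail server
# that decides whether to relay based on the client IP it sees).
# Live use (assumed interface name): iptables-save -t nat | audit_nat lan0

# audit_nat LAN_IF: reads iptables-save output on stdin and prints findings.
# Exit status: 0 if clean, 1 if a source-rewriting rule was found.
# Only exact interface names are matched; wildcards (eth+) are not expanded.
audit_nat() {
    awk -v lan="$1" '
    $1 == "-A" && $2 == "POSTROUTING" {
        target = ""; out = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-o") out = $(i + 1)
        }
        if (target == "SNATVS") {
            print "virtual-server SNAT chain hooked: " $0; bad++
        } else if ((target == "MASQUERADE" || target == "SNAT") &&
                   (out == "" || out == lan)) {
            print "source rewritten toward LAN: " $0; bad++
        }
    }
    END { exit (bad > 0) }'
}

# Constructed sample dumps (not captured from a real router).
SAMPLE_BAD='*nat
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wan0 -p tcp --dport 25 -j DNAT --to-destination 192.168.0.200:25
-A POSTROUTING -j SNATVS
-A POSTROUTING -o lan0 -j MASQUERADE
-A POSTROUTING -o wan0 -j MASQUERADE
COMMIT'

SAMPLE_GOOD='*nat
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wan0 -p tcp --dport 25 -j DNAT --to-destination 192.168.0.200:25
-A POSTROUTING -o wan0 -j MASQUERADE
COMMIT'

# count_findings DUMP LAN_IF: number of flagged rules in a dump.
count_findings() {
    printf '%s\n' "$1" | { audit_nat "$2" || true; } | wc -l | tr -d ' '
}

echo "bad sample:  $(count_findings "$SAMPLE_BAD" lan0) finding(s)"
echo "good sample: $(count_findings "$SAMPLE_GOOD" lan0) finding(s)"
```

Masquerading on the WAN-facing interface is not flagged, since it only affects outbound traffic and leaves the source address of inbound SMTP connections intact.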
