[afnog] Natting

Peter Nyamukusa peter.nyamukusa at africaonline.co.tz
Fri Oct 17 05:56:40 UTC 2008


Hi SM,

This is very much possible; I have been running this kind of setup for many years.
See the logs from my firewall filter on one of my customers' mail servers, which uses
a private IP behind NAT:

Oct 17 08:56:31 mail kernel: Connection attempt (PRIV): IN=eth0 OUT=
MAC=00:01:2e:13:80:c7:00:15:62:9d:55:1d:08:00 SRC=196.x.x.62
DST=10.85.13.200 LEN=56 TOS=0x10 PREC=0x00 TTL=43 ID=4353 DF PROTO=TCP
SPT=53241 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0

If you don't even want to waste your mail server on this, you can configure an
ACL on your router instead, and thus you have filtered as close to the source as
possible.

Cheers,
Peter
-----Original Message-----
From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of
SM
Sent: Friday, October 17, 2008 12:42 AM
To: Hyeroba Peter; afnog at afnog.org
Subject: Re: [afnog] Natting

At 04:30 16-10-2008, Hyeroba Peter wrote:
>After inserting the information, NAT is actually working; when I issue the
>commands to show IP NAT translations, I can actually see that port 25
>traffic is actually forwarded to my mail server.

It's not a good idea to use NAT translation for incoming port 25
traffic as the mail server cannot be configured to filter on source
IP address then.  The mail server might even act as an open relay.

Regards,
-sm 


_______________________________________________
afnog mailing list
http://afnog.org/mailman/listinfo/afnog
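The log line Peter quotes is in the netfilter LOG format, and its SRC field still carries the remote address even though DST is the server's private 10.x address: destination NAT (port forwarding) rewrites only the destination, so the server can still filter on source. The script below is an added example, not code from either poster; it parses lines in that format and applies a source allow-list to port 25 SYNs. The sample lines, the MAC, and the allow-list network are constructed (documentation address ranges), and the "Connection attempt (PRIV):" prefix is simply copied from the post. One caveat to keep in mind: if the router also source-NATs the forwarded traffic (a hairpin or masquerade setup), every SYN arrives from the router's address and this check becomes useless; verify with a log like the one above before relying on it.

```python
"""Audit netfilter LOG lines for SMTP connections to a DNAT'ed mail server.

Added example: parses KEY=VALUE fields from kernel LOG output and decides,
per inbound SYN to port 25, whether the (untranslated) source address is on
an allow-list. Not code from the afnog thread.
"""
import ipaddress
from collections import Counter

# Constructed sample log in the same format as the post's firewall log.
# Addresses use documentation ranges; the MAC is made up.
SAMPLE_LOG = """\
Oct 17 08:56:31 mail kernel: Connection attempt (PRIV): IN=eth0 OUT= MAC=00:01:2e:13:80:c7:00:15:62:9d:55:1d:08:00 SRC=198.51.100.62 DST=10.85.13.200 LEN=56 TOS=0x10 PREC=0x00 TTL=43 ID=4353 DF PROTO=TCP SPT=53241 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 17 08:57:02 mail kernel: Connection attempt (PRIV): IN=eth0 OUT= MAC=00:01:2e:13:80:c7:00:15:62:9d:55:1d:08:00 SRC=203.0.113.9 DST=10.85.13.200 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=9912 DF PROTO=TCP SPT=40011 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 17 08:57:30 mail kernel: Connection attempt (PRIV): IN=eth0 OUT= MAC=00:01:2e:13:80:c7:00:15:62:9d:55:1d:08:00 SRC=203.0.113.9 DST=10.85.13.200 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=9913 DF PROTO=TCP SPT=40012 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Assumed allow-list: the upstream relay(s) permitted to deliver on port 25.
SMTP_ALLOWED_SOURCES = [ipaddress.ip_network("198.51.100.0/24")]
SMTP_PORT = 25


def parse_log_line(line):
    """Turn one netfilter LOG line into a dict.

    KEY=VALUE tokens become entries (an empty value, e.g. 'OUT=', is kept as
    ''); bare flag tokens such as DF or SYN are stored as True. Returns None
    for lines that are not kernel log output.
    """
    if "kernel:" not in line:
        return None
    _, _, body = line.partition("kernel:")
    fields = {}
    for tok in body.split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields[key] = value
        elif tok.isalpha() and tok.isupper():
            # bare uppercase word: a TCP flag (SYN, ACK, DF, ...)
            fields[tok] = True
    return fields


def classify(fields):
    """Verdict for one parsed packet: 'allow', 'drop' or 'ignore'.

    Only TCP SYNs to the SMTP port are judged; everything else is 'ignore'.
    The decision uses SRC, which DNAT leaves untouched, so it is the real
    remote address (unless the router also source-NATs the forward).
    """
    if fields.get("PROTO") != "TCP" or not fields.get("SYN"):
        return "ignore"
    if int(fields.get("DPT", 0)) != SMTP_PORT:
        return "ignore"
    src = ipaddress.ip_address(fields["SRC"])
    if any(src in net for net in SMTP_ALLOWED_SOURCES):
        return "allow"
    return "drop"


def audit(log_text):
    """Apply classify() to every line; returns (src, dst, dport, verdict) tuples."""
    results = []
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if not fields or "SRC" not in fields:
            continue
        results.append((fields["SRC"], fields["DST"],
                        int(fields.get("DPT", 0)), classify(fields)))
    return results


def summarize(results):
    """Count verdicts per source address, e.g. {('203.0.113.9', 'drop'): 1}."""
    return Counter((src, verdict) for src, _, _, verdict in results)


if __name__ == "__main__":
    for src, dst, dport, verdict in audit(SAMPLE_LOG):
        print(f"{src:>15} -> {dst}:{dport}  {verdict}")
    print(summarize(audit(SAMPLE_LOG)))
```

A "drop" verdict here is the same decision that an iptables rule on the server, or the router ACL Peter suggests, would make in the data path; the script only shows that the information needed for that decision survives the port-forward.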