[afnog] Natting

SM sm at resistor.net
Fri Oct 17 08:50:23 UTC 2008


Hi Peter,
At 22:56 16-10-2008, Peter Nyamukusa wrote:
>This is very much possible I been having this kind of setup for many years,
>see logs from my firewall filter on one of my customers mail servers using
>Private IP behind NAT

I didn't say that the setup was not possible. :-)

>If you don't want to even waste your mail server you can even configure an
>ACL on your router and thus you have filtered as close to the source as
>possible

There's a downside when applying such ACLs for mail traffic.

Can you track down which emails were rejected if there are mail 
delivery issues?

Can you reject SMTP connections on reverse DNS patterns 
(user.dialup.example.com)?

Can your content filter do header checks correctly?

Regards,
-sm 





More information about the afnog mailing list