Koozali.org formerly Contribs.org

DNAT compatibility

akscooter

DNAT compatibility
« on: July 26, 2006, 11:47:15 PM »
Setup:


Server 1 - 192.168.2.1 LAN IP
     10.0.0.10 WANIP with a /24 assignment (not the actual IP address)

SME server - 192.168.2.13 LAN IP
     10.0.0.11 WANIP assigned via server 1


Problem:

Both servers are running as an email server, both are directly accessible from the net. But when a user@domain1 on server1 tries to send to user@domain2 on SME, the connection can not be oppened.

I've traced it to a routing issue, but not sure how to fix it.

When an email is being sent to Domain2, it reverses to the SME server's /24 Routable IP address.

When I try to telnet to domain2 via port 25, it also times out. But when I use the LAN IP, it connects.

I've tried to get emails from domain1 to be redirected to domain2 LAN IP using IPTables, but this has failed.

Using the hosts file, I put domain2 with the LAN IP address in, and that allows me to telnet directly to Domain2 via the WAN IP. But the email is still resolving to the WAN IP and timing out.

I've also tried the Additional IP HowTo, but it does not work on SME 6.5. I don't want to upgrade to 7 until after September, when the students that use this server will be out on break.

Does anyone have any suggestions as to how I should go about resolving this issue?

Thanks

Re: DNAT compatibility
« Reply #1 on: July 27, 2006, 08:38:44 PM »
Quote from: "akscooter"

Both servers are running as an email server, both are directly accessible from the net.


I don't see how that can be possible since you say that they have 10.0.0.x addresses, which are not Internet addresses.

Quote

But when a user@domain1 on server1 tries to send to user@domain2 on SME, the connection can not be oppened.

What exactly do you mean by "the connection can not be oppened"? What do you see?

Quote

I've traced it to a routing issue, but not sure how to fix it.


What do you see which leads you to conclude that there is a routing issue?

akscooter

DNAT compatibility
« Reply #2 on: July 27, 2006, 09:47:24 PM »
10.0.0.n was placed there because I'm not going to publish my public IP addresses.

The error returned is "the connection can not be oppened" no error number, just an entry into the log with the above string. This is on the server trying to send to the SME server.

When I try to telnet to port 25 on the external IP, it gets no response, as if the request packets are being dropped. But when I use the LAN IP, it connects no problem.

I am pretty sure I simply need to add a second IP address, but the "Additional IP HowTo" refers to folders and files that are not present on the 6.5 server.

Thanks for your reply, and I'll try to give you any additional details.
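
Added example, not part of the thread: a small probe that repeats the telnet test above against both addresses and separates a silent drop (timeout) from a refusal (RST) and from a working SMTP greeting. The addresses are the placeholders used in the post; the function names are hypothetical.

```python
import socket

def probe_smtp(host, port=25, timeout=5.0):
    """Try a TCP connect and read the SMTP greeting.

    Returns (state, detail); state is 'open', 'refused', 'timeout' or 'error'.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                banner = conn.recv(512).decode("ascii", "replace").strip()
            except (socket.timeout, TimeoutError):
                return ("open", "connected, but no greeting before the timeout")
            return ("open", banner)
    except (socket.timeout, TimeoutError):
        # No SYN-ACK and no RST: what telnet shows as a hang, then a timeout.
        return ("timeout", "no answer at all")
    except ConnectionRefusedError:
        # An RST came back: the address is reachable, the port is closed.
        return ("refused", "reachable, nothing listening")
    except OSError as exc:
        return ("error", str(exc))

def diagnose(results):
    """Turn the per-address states into a one-line reading."""
    wan, lan = results["wan"][0], results["lan"][0]
    if lan != "open":
        return "LAN address is not accepting SMTP; check the mail service first"
    if wan == "open":
        return "both addresses accept SMTP from here"
    if wan == "timeout":
        return "listener is up; packets to the WAN address are dropped or never answered"
    if wan == "refused":
        return "listener is up; the WAN address answers but not on this port"
    return "listener is up; WAN probe failed with: " + results["wan"][1]

if __name__ == "__main__":
    # Placeholder addresses as used in the post, not real ones.
    targets = {"wan": "10.0.0.11", "lan": "192.168.2.13"}
    results = {name: probe_smtp(ip) for name, ip in targets.items()}
    for name, (state, detail) in results.items():
        print(f"{name:3} {targets[name]:15} {state:8} {detail}")
    print(diagnose(results))
```

Run it from the sending server and again from a host outside the LAN; a WAN timeout only from the inside points at the path between the two servers rather than at the mail service.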