Date: Tue, 20 Mar 2001 11:27:47 -0500 (EST)
From: Peter Brezny <peter@black.purplecat.net>
To: freebsd-net@freebsd.org
Cc: Peter Brezny <peter@black.purplecat.net>
Subject: An interesting static nat problem.
Message-ID: <Pine.BSF.4.05.10103201126550.13771-100000@black.purplecat.net>
I've recently run into an interesting problem.

I've got an external machine x.x.x.y running static nat on its external interface to translate x.x.x.x to 10.30.1.20 on the inside. The 10.30.1.20 machine runs a mail server.

This external machine is also configured as a secondary mx for the internal machine.

Now you may see my problem. When the internal machine is down, or in this case, I'm waiting for the dns to propagate, things don't do well.

Currently when mail is sent to the internal machine, it first lands on the external x.x.x.y machine, which looks at its dns information and figures out that it's not the best preference mx, and says, no problem, I'll just pass it on to x.x.x.x. However in this case, x.x.x.x is bound locally as a static nat address, and since the packet didn't originate from the outside, it never went through the natd interface and never got translated.

The obvious answer is to _not_ use x.x.x.x as a secondary, but now that the whole world knows it is, I'm kind of in trouble.

I attempted to forward all traffic heading to x.x.x.x _after_ the divert rule to 10.30.1.20 but it's not working.

I used this rule immediately after the divert rule _before_ any other allow rules, but the packet that originates locally still makes it to the mail server on the local machine.

    $fwcmd add fwd 10.30.1.20 ip from any to x.x.x.x

Should this work? Either way, the fwd rule doesn't seem to be sending the packet on to 10.30.1.20. A ping on the external machine shows a time that's clearly local.

Any clarification on this issue, and a solution if out there would be greatly appreciated.

TIA

pb