From owner-freebsd-net  Tue Nov 17 08:44:32 1998
Message-ID: <3651A72B.D1F8E96D@jezebel.demon.co.uk>
Date: Tue, 17 Nov 1998 16:41:15 +0000
From: Richard Smith <richard@jezebel.demon.co.uk>
Organization: http://www.trltech.co.uk
X-Mailer: Mozilla 4.05 [en] (WinNT; I)
MIME-Version: 1.0
To: john cooper <john@isi.co.jp>
CC: freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, tfujii@isi.co.jp
Subject: Re: BIND/Mail/MX Question..
References: <98Nov18.005806jst.21890@ns.isi.co.jp>

john cooper wrote:
>
[snip]
> 
> The trouble I'm having is that if I use:
> 
> isi.co.jp.      IN MX 50 ms.isi.co.jp. ; local mail host
>                 IN MX 100 ws.isi.co.jp.
> 
> where ms.isi.co.jp's address is internal [192.168.*], mail
> coming from outside our domain gets deflected to ws.isi.co.jp.
> sitting on the external side of the FW [202.214.*].

You shouldn't expose 192.168/16 outside of your intranet.

> As I understand, the MX record is required to relay mail from
> the FW/DNS server to the internal mail server.  However if
> this local MX info gets exposed externally, the above problem
> occurs.

FWIW, I run sendmail on the FW and use mailertable to route mail to the
'true' internal mail hub. If you only have one internal mail hub and you
are using natd, you could use a -redirect_port to point to the internal
mail hub. Either way, the external IP of the FW is exposed in the MX.

> This seems to me to be a fairly normal thing to do.  Would
> someone kindly clue me in on the standard way this is solved?
> 
> Thanks,
> 
> -john
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message

richard. 
_______________________________________________________________________
Richard Smith      Assistant Chief Engineer      TRL Technology Limited
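
The point above about keeping 192.168/16 out of externally visible MX data can be checked mechanically before a zone is published. The following is an added example, not part of the original message: the zone text, host names and addresses are constructed placeholders, and the parser handles only simple MX and A lines.

```python
import ipaddress

# RFC 1918 private ranges that should not appear behind a public MX.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone (placeholder names and addresses).
SAMPLE_ZONE = """\
example.com.      IN MX 50 ms.example.com. ; local mail host
                  IN MX 100 ws.example.com.
ms.example.com.   IN A 192.168.1.10
ws.example.com.   IN A 203.0.113.5
"""

def parse_zone(text):
    """Return (mx, a): mx maps owner -> [(pref, target)], a maps name -> [ip]."""
    mx, a, owner = {}, {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():               # indented lines inherit the owner
            owner = fields.pop(0).lower()
        if fields and fields[0].isdigit():     # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        if owner is None or len(fields) < 2:
            continue
        rtype = fields[0].upper()
        if rtype == "MX" and len(fields) >= 3:
            mx.setdefault(owner, []).append((int(fields[1]), fields[2].lower()))
        elif rtype == "A":
            a.setdefault(owner, []).append(fields[1])
    return mx, a

def private_mx_targets(text):
    """List (domain, pref, target, ip) for MX targets whose A record is RFC 1918."""
    mx, a = parse_zone(text)
    findings = []
    for domain, records in mx.items():
        for pref, target in sorted(records):
            for ip in a.get(target, []):
                addr = ipaddress.ip_address(ip)
                if any(addr in net for net in RFC1918):
                    findings.append((domain, pref, target, ip))
    return findings
```

Run against the externally served zone, a non-empty result means outside senders will be handed an MX they cannot reach, as in the quoted problem.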
