Archived from groups: comp.security.firewalls
John,
So in the advanced section of the NAT config, add a dynamic NAT exception of
internal_IP:external ?
It says in the Dynamic NAT section that the Dynamic exceptions do not apply to 1:1
NAT ??
But I see no other place for this exception you talk about.
Thanks,
Dan
john <john@john.com> wrote:
>Make sure you set the IP address (internal one) in the exceptions tab.
>Setting up 1 to 1 nat will allow the translation for inbound, but will
>still have it using the public dynamic outbound nat. Put it in the
>exception, and it will start showing the IP you've assigned it via
>NAT. Just went through this with my new mail server when some places
>started doing reverse DNS lookups and it was failing for me since the
>outbound IP didn't match my DNS records.
>
>J
>
>On Sun, 02 May 2004 01:14:52 GMT, "flya750"
><flya750@hotmail.DELETE.com> wrote:
>
>>It's not that I want my external ip address not to show... It's just that
>>the one that shows is the external ip address of the external interface of
>>the firewall. Not the 1 to 1 NAT that I configured for the email server.
>>
>>Thanks for your response,
>>Dan
>>
>>"Leythos" <void@nowhere.com> wrote in message
>>news:MPG.1afdc150eeac70b798a496@news-server.columbus.rr.com...
>>> In article <RvSkc.6654$TD4.683447@attbi_s01>, flya750@hotmail.com
>>> says...
>>> > I have a slight issue...
>>> >
>>> > I have email message headers coming from the internal private IP
>>> > (email server) shows the proxied ip address of the firewall
>>> > external interface.
>>> >
>>> > Can anyone tell me how to configure a NAT for internal smtp server
>>> > and service that does not show a public ip address of the external
>>> > interface proxied. ???
>>> >
>>> > I have a watchguard firebox 700.
>>>
>>> If I understand you correctly, you have an internal mail server and when
>>> sending email to external servers you don't want your external IP
>>> address to show? If I understand, then you can't do it through the
>>> firewall, it's going to show the public address, it could not
>>> communicate with the other server without the other server knowing the
>>> public IP - they handshake communications, so it has to know the "real"
>>> address of the server.
>>>
>>> If you don't mind, why do you care if people know where the email came
>>> from? In most cases, if the email IP address doesn't resolve properly
>>> it's almost certainly spam or other junk mail - even viruses from
>>> private users' compromised machines. RBL lists and RDNS is a good thing.
>>>
>>> --
>>> --
>>> spamfree999@rrohio.com
>>> (Remove 999 to reply to me)
>>
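
The symptom discussed in this thread (mail leaving from the firewall's dynamic NAT address instead of the 1-to-1 NAT address, so reverse DNS checks fail) can be verified with a forward-confirmed reverse DNS check. The following is an added example, not part of the original thread; the function names, the sample addresses (documentation ranges) and the idea of taking the observed egress IP from a Received header at a remote recipient are assumptions.

```python
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_a(name):
    """A-record lookup through the system resolver; returns a list of IPs."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_outbound_identity(observed_ip, expected_ip,
                            ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of problems a receiving mail server would notice.

    observed_ip: source address the remote side saw (e.g. from a Received
                 header of a test message); expected_ip: the 1-to-1 NAT address.
    """
    problems = []
    if observed_ip != expected_ip:
        problems.append(f"egress IP {observed_ip} is not the "
                        f"1-to-1 NAT address {expected_ip}")
    names = [n.rstrip(".").lower() for n in ptr_lookup(observed_ip)]
    if not names:
        problems.append(f"no PTR record for {observed_ip}")
    elif not any(observed_ip in a_lookup(n) for n in names):
        problems.append(f"PTR {names} does not resolve back to {observed_ip}")
    return problems

# Constructed sample DNS data so the example runs offline.
PTR = {"203.0.113.25": ["mail.example.com."]}
A = {"mail.example.com": ["203.0.113.25"]}

def demo():
    ptr = lambda ip: PTR.get(ip, [])
    a = lambda name: A.get(name, [])
    # Before the fix: mail leaves from the firewall's external interface.
    before = check_outbound_identity("203.0.113.1", "203.0.113.25", ptr, a)
    # After the fix: mail leaves from the 1-to-1 NAT address.
    after = check_outbound_identity("203.0.113.25", "203.0.113.25", ptr, a)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result or "OK")
```
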