What device do you use for NAT??

A Cisco Pix has a feature called "Alias" which will intercept incoming DNS responses and rewrite them with a new IP address - ideal for this situation (If you use Cisco)....

Aaron

-----Original Message-----
From: Pavel Urban [mailto:urbanpmlp.cz]
Sent: 24 October 2002 14:36
To: Wietse Venema
Cc: postfix-userspostfix.org
Subject: Re: postfix & NAT

Too bad. I was thinking about it (really ;-) and found out that it is
bigger problem. This approach requires to install separate internal DNS
only for this one mail relay. That doesn't sound very efficient... I
already have secondary DNS running on this machine, but it serves
thousands domains and they are added and removed dynamically. No luck
with BIND's views when I want to avoid modifying our internal programs,
then. There is only a small DMZ behind this NAT firewall, filled with
several servers - the rest of internal network is 'outside' it - so I
cannot simply add this record to internal DNSes. I just wanted to use
Postfix'es solution, but it seems like it isn't possible, too. Anybody
has another idea, maybe...? Thanks!

Wietse Venema wrote:
> This does not solve your problem.
>
> The problem is that the local IP address is not found when looking
> up the MX hosts. The fix is to have the local DNS return the local
> IP address for queries by a system behind the NAT router.
>
> Wietse
>
> Pavel Urban:
>
>>Hmm... this sounds fine. Is there something that I should be aware of
>>when I try this? IMHO it should be fine, but I'm really not Postfix
>>expert ;-)
>>
>>Noel Jones wrote:
>>
>>>If a static IP,
>>>mydestination = (whatever currently), [194.228.2.1]
>>>
>>>--
>>>Noel Jones
>>>
>>>>>>
>>>>>>we have backup MX relay behind NAT. It has public IP 194.228.2.1 and
>>>>>>internal IP from 10. network. How should I tell postfix that the
>>>>>
>>>public
>>>
>>>>>>address belongs to it?
>>>>>
>>>>>Not. Instead, you configure a DNS server to give inside addresses
>>>>>for inside hostnames in response to queries from inside machines,
>>>>>and to query the Internet for everything else.
>>>>>
>>>>>Wietse
>>>>
>>>>Ouch. I was hoping for more simple solution. This server is also DNS
>>>and
>>>>it sits in separate DMZ. Ok, I will try to set-up Bind views for it.

-- 
***********************************************************************
Pavel Urban (pavel.urbanhq.iol.cz)
IOL system disaster
Internet OnLine, www.iol.cz
***********************************************************************
    Vegetables should not operate electronic equipment.
           Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]