We use a Linux firewall with multiple external IP addresses. Let's say we have this:
webserver (www.blabla.com) : (ext)10.0.0.1 -> (int)172.99.0.2
mailserver (mail.blabla.com) : (ext)10.0.0.2 -> (int)172.99.1.2
This routing is done with simple port forwarding.
But if the mail server sends a mail, it uses the first external IP address (10.0.0.1).
It works quite well, but some SMTP servers treat our mails as spam,
because 10.0.0.1 is not covered by mail.blabla.com (this is fixed).
I read something about bidirectional NAT to accomplish this:
Pseudo logic:
if destination port == smtp and source is internal 172.99.1.2 {
set external address 10.0.0.2
}
Do you know how to do it?
Is this a way to do it:
# --dport takes two dashes and needs a -p tcp match in front of it; the negation goes before the option
iptables -t nat -A POSTROUTING -s $INTERNAL_NET ! -d $INTERNAL_NET -p tcp --dport 25 -j SNAT --to-source $EXTERNAL_IP
Best Answer
Yes, this is basically the firewall rule you need. Watch out, it's --dport, i.e. you need a double dash. An alternative would be to ask your ISP to put another reverse DNS record (also called a PTR record) in place for the second IP address, and then have an MX record using the same IP address with a higher value, so that delivery from outside is always attempted at the real server first.