Routing Mail
December 15, 2006 at 2:25 am #40520
kenadak
Member
I think I just found a VERY bad problem! I hope this is a simple mistake; but, when I use Virtual Server to route port 25 to my Mail Server, the ZeroShell Router Masquerades the Inbound traffic as its own! I need the router to Forward the unmodified IP Address to the Mailserver so that it knows NOT to Relay mail from the outside world! (I just had to delete > 150k Spam messages that my Mail server was happily forwarding! along with putting my IP address on the blacklist of most major ISPs!)
So is it possible to set up a forwarding rule?
I have a set of rules in the firewall section to distinguish between internal and external but with this adding the MASQUERADE rule.
December 15, 2006 at 6:52 pm #45047
imported_fulvio
Participant
I am sorry for the inconvenience, but when I had the idea to enable MASQUERADE for the packets to be forwarded to a real server, I did it because I wanted port forwarding to also work fine when the clients are in the same IP subnet as the real servers. Now I understand this is not a good idea and I am going to remove this automatic setting in the next release.
At the moment you could add the following line to the file /etc/rc.local:
iptables -t nat -D POSTROUTING -j SNATVS
and then reboot the router.
Regards
Fulvio
December 15, 2006 at 8:28 pm #45048
kenadak
Member
I do appreciate the response. Luckily I had the clients in a range from 1-128 and the server was above that, so I just sub-netted the Mail server so that his “local network” didn’t include the router. This fixed it for this client, but having the masquerade turned off for incoming packets would be good.
April 25, 2012 at 11:39 am #45049deltree
Member
Hi,
I’m running a beta 16, and I have the same problem. I’ve set a rule for port forwarding to my mail server and the source address is translated… I’ve tried to put
iptables -t nat -D POSTROUTING -j SNATVS
in rc.local but I still have the problem… Any idea?
Thanks
SOLVED: I had put my LAN interface (ETH08) in “NAT Enabled Interfaces” … lol
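Both situations in this thread (the automatic jump to SNATVS, and a LAN interface listed under “NAT Enabled Interfaces”) can be looked for offline in a saved nat table as POSTROUTING rules that rewrite the source of connections forwarded to the mail server. The following is an added example, not part of the thread and not ZeroShell code. The addresses, the ETH00 (WAN) and ETH01 (LAN) roles and the contents of the SNATVS chain are constructed assumptions.

```python
import ipaddress
import shlex

# Constructed `iptables-save -t nat` output. Addresses, interface roles and
# the contents of the SNATVS chain are assumptions, not a real ZeroShell dump.
BEFORE = """\
-A PREROUTING -i ETH00 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.200:25
-A POSTROUTING -j SNATVS
-A POSTROUTING -o ETH00 -j MASQUERADE
-A SNATVS -d 192.168.1.200/32 -p tcp -m tcp --dport 25 -j MASQUERADE
"""
# Hairpin NAT kept only for LAN clients, so Internet senders keep their address.
AFTER = """\
-A PREROUTING -i ETH00 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.200:25
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.200/32 -o ETH01 -j MASQUERADE
-A POSTROUTING -o ETH00 -j MASQUERADE
"""

def parse(text):
    """Return {chain: [rule, ...]}; each rule keeps its -s/-d/-o/-j values."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] != ["-A"]:
            continue
        rule = {"raw": line}
        for flag, value in zip(tok[2:], tok[3:]):
            if flag in ("-s", "-d", "-o", "-j"):
                rule[flag] = value
        chains.setdefault(tok[1], []).append(rule)
    return chains

def source_rewrites(text, server, lan_if):
    """POSTROUTING-reachable SNAT/MASQUERADE rules that would hide the client
    address on connections forwarded to `server` through `lan_if`."""
    chains, hits = parse(text), []
    dst = ipaddress.ip_address(server)
    def walk(chain, seen):
        for r in chains.get(chain, []):
            if "-s" in r or r.get("-o", lan_if) != lan_if:
                continue   # source-restricted, or leaves by another interface
            if "-d" in r and dst not in ipaddress.ip_network(r["-d"], strict=False):
                continue   # aimed at a different destination
            if r.get("-j") in ("SNAT", "MASQUERADE"):
                hits.append(r["raw"])
            elif r.get("-j") in chains and r["-j"] not in seen:
                walk(r["-j"], seen | {r["-j"]})
    walk("POSTROUTING", {"POSTROUTING"})
    return hits
```

Calling `source_rewrites(BEFORE, "192.168.1.200", "ETH01")` returns the SNATVS rule, and the same call on `AFTER` returns an empty list. The check is static: it ignores rule order and treats any rule carrying `-s` (negated or not) as restricted.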