Firewall-1: Can Internal Hosts Share One Public IP With Static and Hidden NAT? - Firewalls


  1. Firewall-1: Can Internal Hosts Share One Public IP With Static and Hidden NAT?

    We have two mail servers: one for incoming mail and one for outgoing, and
    both are behind Firewall-1. I want them to be seen on the Internet as a
    single IP address. Can I have a single common public address that exists
    both in a static and hidden translation rule at the same time?

    I would configure the incoming mail server with a static rule, so that
    incoming packets to that public IP get directed by the firewall to the
    incoming mail server. I would configure the outgoing mail server with a
    hidden automatic NAT rule that points to the same public IP, so that
    outgoing packets from that mail server get NAT'd to the common public IP.

    I know this works for more than one host to share one public IP using hidden
    translation, but I don't know yet if it would work with a single public IP
    using both a static and hidden rule. Any advice on this is appreciated.

    --
    Will





  2. Re: Firewall-1: Can Internal Hosts Share One Public IP With Static and Hidden NAT?

    Will wrote:
    : We have two mail servers: one for incoming mail and one for outgoing, and
    : both are behind Firewall-1. I want them to be seen on the Internet as a
    : single IP address. Can I have a single common public address that exists
    : both in a static and hidden translation rule at the same time?

    Try using a normal automatic static setup for the inbound connection and set up a
    manual rule with a hide rule for the outbound connection.

    Lars

  3. Re: Firewall-1: Can Internal Hosts Share One Public IP With Static and Hidden NAT?

    Look up "smtp security server" in the help files, you'll need that to get the
    incoming mail traffic working. If you're not sure, check CD2 and the \Docs
    directory.

    Wayne McGlinn
    Brisbane, Oz

    "Will" wrote in message
    news:G8mdnamF3YQfcpvVnZ2dnUVZ_tyknZ2d@giganews.com ...
    > We have two mail servers: one for incoming mail and one for outgoing, and
    > both are behind Firewall-1. I want them to be seen on the Internet as a
    > single IP address. Can I have a single common public address that
    > exists both in a static and hidden translation rule at the same time?
    >
    > I would configure the incoming mail server with a static rule, so that
    > incoming packets to that public IP get directed by the firewall to the
    > incoming mail server. I would configure the outgoing mail server with a
    > hidden automatic NAT rule that points to the same public IP, so that
    > outgoing packets from that mail server get NAT'd to the common public IP.
    >
    > I know this works for more than one host to share one public IP using
    > hidden translation, but I don't know yet if it would work with a single
    > public IP using both a static and hidden rule. Any advice on this is
    > appreciated.
    >
    > --
    > Will
    >
    >
    >
    >



  4. Re: Firewall-1: Can Internal Hosts Share One Public IP With Static and Hidden NAT?

    Wayne wrote:
    : Look up "smtp security server" in the help files, you'll need that to get the
    : incoming mail traffic working. If you're not sure, check CD2 and the \Docs
    : directory.

    I guess the reason he wants to do this is because he wants to put an
    extra email filtering box in the mail flow? He didn't specify, but it's
    a very common thing to do now. The SMTP Security Server used to be very
    widely used a few years ago. As the years passed, the spam problem
    increased while the SMTP Security Server remained unchanged.

    You can still use the SMTP Security Server in front of your spam
    filtering server, but you'll lose potential functionality such as
    delaying (also known as greylisting), DNSBL and HELO blacklisting, and you
    won't be able to block emails at the SMTP level, which would keep your
    systems from sending faulty NDRs.

    Lars
