I have many IP addresses on my "Outside" NIC for multiple websites, FTP servers, etc. All of my domains' incoming SMTP points to the same IP address and works just fine for inbound mail. My outbound mail is all NAT'd by ISA to a single IP address that I cannot control. Who cares, right? Well, with more and more spam fighters doing reverse DNS lookups, I do. I can make my RDNS PTR match my domain's MX A record, but now that means all of my clients' web browsing AND all of my SMTP traffic is on the same IP.
I would like to be able to static NAT my inside mail server to a specific outside IP address.
Will you please explain how this workaround works?
I assume you are thinking of making a separate network object (for example, DMZ) with the public IP addresses of those machines, and then making a network rule to route instead of NAT the communication. Am I right?
The first one is already explained by the original poster. If your emails are getting whacked by remote email servers performing reverse DNS lookups, you can bind the IP number of your email server (the one on the MX record) as the primary IP number on ISA's external NIC. Now your email server's IP number will be properly resolved (RDNS) by the remote SMTP server. The disadvantage (or inconvenience), as the original poster explained, is that any outbound traffic will use your email server's IP number as source. For various reasons, you may want to avoid this setup.
The second approach, which Tom briefly mentioned, involves a new External or DMZ Network. You are supposed to move your mail relay to this Network and assign the public IP of the MX record to your email server. You should then create an access rule allowing your mail relay to send emails to the External Network. You should take the second approach with a grain of salt. I haven't done this myself. I am just repeating what others have posted in this forum. One of these days when I have time, I will test this out in my lab network.
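The reverse DNS check discussed in this thread, as an added example that is not part of any poster's message: it classifies the source IP your outbound mail leaves from by looking up its PTR, forward-confirming that name, and comparing it with the MX host. The addresses, host names and sample DNS tables are constructed, and how strictly a given receiver applies each step is an assumption.

```python
import socket

# Constructed sample DNS data (RFC 5737 / example.* names), not from the thread.
SAMPLE_PTR = {
    "192.0.2.1": ["nat.isp.example.net"],   # shared NAT address
    "192.0.2.10": ["mail.example.com"],     # address on the MX record
    "192.0.2.50": ["mail.example.com"],     # PTR set, forward record missing
}
SAMPLE_A = {
    "nat.isp.example.net": {"192.0.2.1"},
    "mail.example.com": {"192.0.2.10"},
}

def system_ptr(ip):
    """PTR names for ip from the system resolver (live DNS)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_addrs(name):
    """Addresses for name from the system resolver (live DNS)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_outbound_ip(ip, mx_host, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Classify the source IP the way a reverse-DNS-checking receiver might."""
    want = mx_host.rstrip(".").lower()
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr"
    # Forward-confirm: the PTR name must resolve back to the same IP.
    confirmed = [n for n in names if ip in addr_lookup(n)]
    if not confirmed:
        return "unconfirmed"
    return "ok" if want in confirmed else "mismatch"

def sample_check(ip, mx_host="mail.example.com"):
    """Run the check against the constructed tables above (offline)."""
    return check_outbound_ip(ip, mx_host,
                             lambda i: SAMPLE_PTR.get(i, []),
                             lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for addr in ("192.0.2.1", "192.0.2.10", "192.0.2.50", "192.0.2.99"):
        print(addr, sample_check(addr))
```

Calling `check_outbound_ip(ip, mx_host)` without the lookup arguments runs the same logic against live DNS, which is the way to verify a NAT or binding change from outside the firewall.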