
RE: FW: Virtual Interface

  • Marcel Grandemange
    Message 1 of 16, Sep 3, 2008
      On Tue, Sep 2, 2008 at 1:48 PM, Marcel Grandemange
      <thavinci@...> wrote:
      >
      >
      > I have a server that has one real ip and a virtual second ip.
      >
      > Both are connected to the same isp but have different addresses.
      >
      >
      >
      > The plan was one is used for all normal traffic but the second only for
      > mail.
      >
      >
      >
      > This is not working so, when a user sends mail postfix uses the main ip
      > address to send from, this creates an issue as there is someone on the
      > internal network running their own smtp server and sending spam.
      >
      > This results in the main address being blacklisted and our mail server as
      > well.
      >

      this is the second time in a month that someone has asked this type of
      question.
      why would other administrators help you continue to send spam to us??

      block outbound SMTP from hosts that should not send it.


      We operate a WISP and intend to take measures to prevent the spam but we
      need the mail server operational while we resolve the issue.
      You cannot simply block outgoing smtp, will have to deal with hundreds of
      calls.
      We have a plan, but wasn't the question, to stop the spam we have a plan but
      to get postfix to use second ip we don't.

      I've been following different setups, and every time postfix insists on using
      main interface to send mail.

      em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
      ether 00:30:48:90:c8:28
      inet 196.212.65.186 netmask 0xfffffff8 broadcast 196.212.65.191
      inet 196.212.65.187 netmask 0xfffffff8 broadcast 196.212.65.191
      media: Ethernet autoselect (100baseTX <full-duplex>)
      status: active


      196.212.65.186 is nated and all normal traffic goes through that.
      196.212.65.187 is for mail only.

      Whenever a mail gets sent it uses 196.212.65.186

      That is blacklisted, and the problem goes further than that.

      I've tried to do this....
      inet_interfaces = 196.212.65.187, 127.0.0.1

      No joy, binds to those interfaces but sends mail through 196.212.65.187



      >
      >
      > If postfix could simply send mail from the virtual address our issues would
      > be solved as main interface can be blacklisted and won't affect our mail
      > server.
      >

      that doesn't solve the problem you are creating for the rest of the
      world. it also won't solve your problem, your whole netblock will end
      up blacklisted eventually.

      >
      >
      >
      >
      > Help!?

      __________ NOD32 3407 (20080902) Information __________

      This message was checked by NOD32 antivirus system.
      http://www.eset.com
    • Marcel Grandemange
      Message 2 of 16, Sep 3, 2008
        On Tue, Sep 2, 2008 at 1:48 PM, Marcel Grandemange
        <thavinci@...> wrote:
        >
        >
        > I have a server that has one real ip and a virtual second ip.
        >
        > Both are connected to the same isp but have different addresses.
        >
        >
        >
        > The plan was one is used for all normal traffic but the second only for
        > mail.
        >
        >
        >
        > This is not working so, when a user sends mail postfix uses the main ip
        > address to send from, this creates an issue as there is someone on the
        > internal network running their own smtp server and sending spam.
        >
        > This results in the main address being blacklisted and our mail server as
        > well.
        >

        >this is the second time in a month that someone has asked this type of
        >question.
        >why would other administrators help you continue to send spam to us??

        >block outbound SMTP from hosts that should not send it.


        We operate a WISP and intend to take measures to prevent the spam but we
        need the mail server operational while we resolve the issue.
        You cannot simply block outgoing smtp, will have to deal with hundreds of
        calls.
        We have a plan, but wasn't the question, to stop the spam we have a plan but
        to get postfix to use second ip we don't.

        I've been following different setups, and every time postfix insists on using
        main interface to send mail.

        em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
        ether 00:30:48:90:c8:28
        inet 196.212.65.186 netmask 0xfffffff8 broadcast 196.212.65.191
        inet 196.212.65.187 netmask 0xfffffff8 broadcast 196.212.65.191
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active


        196.212.65.186 is nated and all normal traffic goes through that.
        196.212.65.187 is for mail only.

        Whenever a mail gets sent it uses 196.212.65.186

        That is blacklisted, and the problem goes further than that.

        I've tried to do this....
        inet_interfaces = 196.212.65.187, 127.0.0.1

        >No joy, binds to those interfaces but sends mail through 196.212.65.187
        Correction through 196.212.65.186, I need it to go through 196.212.65.187


        >
        >
        > If postfix could simply send mail from the virtual address our issues would
        > be solved as main interface can be blacklisted and won't affect our mail
        > server.
        >

        that doesn't solve the problem you are creating for the rest of the
        world. it also won't solve your problem, your whole netblock will end
        up blacklisted eventually.

        >
        >
        >
        >
        > Help!?

      • Colin Campbell
        Message 3 of 16, Sep 3, 2008
          Hi,

          On Wed, 2008-09-03 at 09:32 +0200, Marcel Grandemange wrote:

          [stuff deleted]
          >
          > I've been following different setups, and every time postfix insists on using
          > main interface to send mail.
          >
          > em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
          > options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
          > ether 00:30:48:90:c8:28
          > inet 196.212.65.186 netmask 0xfffffff8 broadcast 196.212.65.191
          > inet 196.212.65.187 netmask 0xfffffff8 broadcast 196.212.65.191
          > media: Ethernet autoselect (100baseTX <full-duplex>)
          > status: active
          >
          >
          > 196.212.65.186 is nated and all normal traffic goes through that.

          What do you mean "is nated"? Where? By whom?

          > 196.212.65.187 is for mail only.
          >
          > Whenever a mail gets sent it uses 196.212.65.186
          >
          > That is blacklisted, and the problem goes further than that.
          >
          > I've tried to do this....
          > inet_interfaces = 196.212.65.187, 127.0.0.1

          So, have you tried "smtp_bind_address" as has been suggested several
          times? I have a stack of machines with multiple IPs. I use
          smtp_bind_address to ensure email comes out on the address I want.

          Colin
          --
          Colin Campbell
          Unix Support/Postmaster/Hostmaster
          Citec
          +61 7 3227 6334
        • mouss
          Message 4 of 16, Sep 3, 2008
            Marcel Grandemange wrote:
            > I've been following different setups, and every time postfix insists on using
            > main interface to send mail.

            please stop talking about "interface". if you have a problem related to
            interfaces, ask on your OS forum.

            >
            > em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            > options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
            > ether 00:30:48:90:c8:28
            > inet 196.212.65.186 netmask 0xfffffff8 broadcast 196.212.65.191
            > inet 196.212.65.187 netmask 0xfffffff8 broadcast 196.212.65.191
            > media: Ethernet autoselect (100baseTX <full-duplex>)
            > status: active
            >
            >
            > 196.212.65.186 is nated and all normal traffic goes through that.
            > 196.212.65.187 is for mail only.
            >
            > Whenever a mail gets sent it uses 196.212.65.186
            >
            > That is blacklisted, and the problem goes further than that.

            blacklisted where?

            >
            > I've tried to do this....
            > inet_interfaces = 196.212.65.187, 127.0.0.1
            >
            > No joy, binds to those interfaces but sends mail through 196.212.65.187

            I guess you mean .186.

            Please do

            # postconf -e smtp_bind_address=196.212.65.187
            # postfix stop
            # postfix start

            then send a new test mail and see which IP is being used. you can send
            me a message so that I see which IP is being used.

            if you still have problems, post the output of 'postconf -n' and the
            contents of master.cf. feel free to hide private infos, but do so
            coherently. also tell us which OS is this.

            Make sure your NAT implementation does not nat your smtp traffic.
          • Marcel Grandemange
            Message 5 of 16, Sep 3, 2008
              Marcel Grandemange wrote:
              > I've been following different setups, and every time postfix insists on using
              > main interface to send mail.

              >please stop talking about "interface". if you have a problem related to
              >interfaces, ask on your OS forum.

              >
              > em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
              > options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
              > ether 00:30:48:90:c8:28
              > inet 196.212.65.186 netmask 0xfffffff8 broadcast 196.212.65.191
              > inet 196.212.65.187 netmask 0xfffffff8 broadcast 196.212.65.191
              > media: Ethernet autoselect (100baseTX <full-duplex>)
              > status: active
              >
              >
              > 196.212.65.186 is nated and all normal traffic goes through that.
              > 196.212.65.187 is for mail only.
              >
              > Whenever a mail gets sent it uses 196.212.65.186
              >
              > That is blacklisted, and the problem goes further than that.

              >blacklisted where?

              A few bll lists.

              >
              > I've tried to do this....
              > inet_interfaces = 196.212.65.187, 127.0.0.1
              >
              > No joy, binds to those interfaces but sends mail through 196.212.65.187

              >I guess you mean .186.

              >Please do

              # postconf -e smtp_bind_address=196.212.65.187
              # postfix stop
              # postfix start

              >then send a new test mail and see which IP is being used. you can send
              >me a message so that I see which IP is being used.

              done

              >if you still have problems, post the output of 'postconf -n' and the
              >contents of master.cf. feel free to hide private infos, but do so
              >coherently. also tell us which OS is this.

              [root@r63 /home/thavinci]# postconf -n
              command_directory = /usr/local/sbin
              config_directory = /usr/local/etc/postfix
              content_filter = scan:127.0.0.1:10025
              daemon_directory = /usr/local/libexec/postfix
              debug_peer_level = 2
              html_directory = no
              mail_owner = postfix
              mailq_path = /usr/local/bin/mailq
              manpage_directory = /usr/local/man
              maps_rbl_domains = zen.spamhaus.org bl.spamcop.net dnsbl.sorbs.net
              message_size_limit = 20971520
              mydestination =
              mynetworks = 127.0.0.0/8, 192.168.0.0/16, 172.32.0.0/16
              mynetworks_style = host
              myorigin = r63.co.za
              newaliases_path = /usr/local/bin/newaliases
              queue_directory = /var/spool/postfix
              readme_directory = no
              receive_override_options = no_address_mappings
              sample_directory = /usr/local/etc/postfix
              sendmail_path = /usr/local/sbin/sendmail
              setgid_group = maildrop
              smtp_bind_address = 196.212.65.187
              smtpd_banner = $myhostname ESMTP ***No Unathorised Use Of This Service***
              smtpd_delay_reject = yes
              smtpd_helo_required = yes
              smtpd_helo_restrictions = reject_invalid_hostname, permit
              smtpd_recipient_restrictions = permit_mynetworks,reject_non_fqdn_recipient, check_client_access hash:/usr/local/etc/postfix/pop-before-smtp, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net
              unknown_local_recipient_reject_code = 550
              virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
              virtual_gid_maps = static:125
              virtual_mailbox_base = /var/mail
              virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
              virtual_mailbox_limit = 102400000
              virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
              virtual_minimum_uid = 125
              virtual_transport = virtual
              virtual_uid_maps = static:125


              OS = FreeBSD r63.co.za 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Aug 30
              15:50:44 SAST 2008 thavinci@:/usr/src/sys/amd64/compile/thavinci amd64

              Master.cf is pretty much stock except this at end....

              # AV scan filter (used by content_filter)
              scan unix - - n - 16 smtp
                -o smtp_send_xforward_command=yes

              # For injecting mail back into postfix from the filter
              127.0.0.1:10026 inet n - n - 16 smtpd
                -o content_filter=
                -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
                -o smtpd_helo_restrictions=
                -o smtpd_client_restrictions=
                -o smtpd_sender_restrictions=
                -o smtpd_recipient_restrictions=permit_mynetworks,reject
                -o mynetworks_style=host
                -o smtpd_authorized_xforward_hosts=127.0.0.0/8
              retry unix - - n - - error




              >Make sure your NAT implementation does not nat your smtp traffic.

              I'm starting to wonder if this isn't the case...
              However would be confusing to me if it is!

              And Thanks guys for trying to help!
              I might be a bit moody, but I'm sure you understand the pressure when things
              like this happen!
              Thank You!

            • mouss
              Message 6 of 16, Sep 3, 2008
                Marcel Grandemange wrote:

                >> Please do
                >
                > # postconf -e smtp_bind_address=196.212.65.187
                > # postfix stop
                > # postfix start
                >
                >> then send a new test mail and see which IP is being used. you can send
                >> me a message so that I see which IP is being used.
                >
                > done
                >

                it came out from 196.212.65.186.

                >> if you still have problems, post the output of 'postconf -n' and the
                >> contents of master.cf. feel free to hide private infos, but do so
                >> coherently. also tell us which OS is this.
                >
                > [root@r63 /home/thavinci]# postconf -n
                > [snip]
                > receive_override_options = no_address_mappings

                This is risky. better put it in master.cf for those listeners that
                should not do address rewrite. otherwise, if you disable filtering,
                you'll forget this and you'll spend hours trying to figure out why your
                virtual and friends aren't used...


                >
                > smtp_bind_address = 196.212.65.187

                so the setting is there.

                > [snip]
                > mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

                consider using proxymap (add proxy: just before mysql:). check the docs
                for more infos.

                > [snip]
                >
                >
                > OS = FreeBSD r63.co.za 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Aug 30
                > 15:50:44 SAST 2008 thavinci@:/usr/src/sys/amd64/compile/thavinci amd64
                >
                > Master.cf is pretty much stock except this at end....

                Make sure there is no option there that overrides smtp_bind_address.


                >> Make sure your NAT implementation does not nat your smtp traffic.
                >
                > I'm starting to wonder if this isn't the case...
                > However would be confusing to me if it is!
                >

                looks like it may be the case. which NAT do you use? is it an external
                box or is it pf or ipf on the same box (with pf or ipf, use pfctl or
                ipnat to see nat rules and states).

                if you can disable NAT while you run a test, do so (you can still send
                me test mail).

                you can tcpdump while you send mail (feel free to send it to me) and see
                which source IP is used.

                > And Thanks guys for trying to help!
                > I might be a bit moody, but I'm sure you understand the pressure when things
                > like this happen!

                yep. good luck.
              • Marcel Grandemange
                Message 7 of 16, Sep 3, 2008
                  >> Please do
                  >
                  > # postconf -e smtp_bind_address=196.212.65.187
                  > # postfix stop
                  > # postfix start
                  >
                  >> then send a new test mail and see which IP is being used. you can send
                  >> me a message so that I see which IP is being used.
                  >
                  > done
                  >

                  >it came out from 196.212.65.186.

                  Yup :/

                  >> if you still have problems, post the output of 'postconf -n' and the
                  >> contents of master.cf. feel free to hide private infos, but do so
                  >> coherently. also tell us which OS is this.
                  >
                  > [root@r63 /home/thavinci]# postconf -n
                  > [snip]
                  > receive_override_options = no_address_mappings

                  >This is risky. better put it in master.cf for those listeners that
                  >should not do address rewrite. otherwise, if you disable filtering,
                  >you'll forget this and you'll spend hours trying to figure out why your
                  >virtual and friends aren't used...

                  Will do some research there, thanks!

                  >
                  > smtp_bind_address = 196.212.65.187

                  >so the setting is there.

                  yup

                  > [snip]
                  > mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

                  >consider using proxymap (add proxy: just before mysql:). check the docs
                  >for more infos.

                  Will do..

                  > [snip]
                  >
                  >
                  > OS = FreeBSD r63.co.za 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Aug 30
                  > 15:50:44 SAST 2008 thavinci@:/usr/src/sys/amd64/compile/thavinci amd64
                  >
                  > Master.cf is pretty much stock except this at end....

                  >Make sure there is no option there that overrides smtp_bind_address.
                  Posting entire file just in case:

                  #
                  # Postfix master process configuration file. For details on the format
                  # of the file, see the master(5) manual page (command: "man 5 master").
                  #
                  # Do not forget to execute "postfix reload" after editing this file.
                  #
                  # ==========================================================================
                  # service type private unpriv chroot wakeup maxproc command + args
                  # (yes) (yes) (yes) (never) (100)
                  # ==========================================================================
                  smtp inet n - n - - smtpd
                  #submission inet n - n - - smtpd
                  # -o smtpd_tls_security_level=encrypt
                  # -o smtpd_sasl_auth_enable=yes
                  # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
                  # -o milter_macro_daemon_name=ORIGINATING
                  #smtps inet n - n - - smtpd
                  # -o smtpd_tls_wrappermode=yes
                  # -o smtpd_sasl_auth_enable=yes
                  # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
                  # -o milter_macro_daemon_name=ORIGINATING
                  #628 inet n - n - - qmqpd
                  pickup fifo n - n 60 1 pickup
                  cleanup unix n - n - 0 cleanup
                  qmgr fifo n - n 300 1 qmgr
                  #qmgr fifo n - n 300 1 oqmgr
                  tlsmgr unix - - n 1000? 1 tlsmgr
                  rewrite unix - - n - - trivial-rewrite
                  bounce unix - - n - 0 bounce
                  defer unix - - n - 0 bounce
                  trace unix - - n - 0 bounce
                  verify unix - - n - 1 verify
                  flush unix n - n 1000? 0 flush
                  proxymap unix - - n - - proxymap
                  proxywrite unix - - n - 1 proxymap
                  smtp unix - - n - - smtp
                  # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
                  relay unix - - n - - smtp
                    -o smtp_fallback_relay=
                  # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
                  showq unix n - n - - showq
                  error unix - - n - - error
                  retry unix - - n - - error
                  discard unix - - n - - discard
                  local unix - n n - - local
                  virtual unix - n n - - virtual
                  lmtp unix - - n - - lmtp
                  anvil unix - - n - 1 anvil
                  scache unix - - n - 1 scache
                  #
                  # ====================================================================
                  # Interfaces to non-Postfix software. Be sure to examine the manual
                  # pages of the non-Postfix software to find out what options it wants.
                  #
                  # Many of the following services use the Postfix pipe(8) delivery
                  # agent. See the pipe(8) man page for information about ${recipient}
                  # and other message envelope options.
                  # ====================================================================
                  #
                  # maildrop. See the Postfix MAILDROP_README file for details.
                  # Also specify in main.cf: maildrop_destination_recipient_limit=1
                  #
                  #maildrop unix - n n - - pipe
                  # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
                  #
                  # ====================================================================
                  #
                  # The Cyrus deliver program has changed incompatibly, multiple times.
                  #
                  #old-cyrus unix - n n - - pipe
                  # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
                  #
                  # ====================================================================
                  #
                  # Cyrus 2.1.5 (Amos Gouaux)
                  # Also specify in main.cf: cyrus_destination_recipient_limit=1
                  #
                  #cyrus unix - n n - - pipe
                  # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
                  #
                  # ====================================================================
                  #
                  # See the Postfix UUCP_README file for configuration details.
                  #
                  #uucp unix - n n - - pipe
                  # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
                  #
                  # ====================================================================
                  #
                  # Other external delivery methods.
                  #
                  #ifmail unix - n n - - pipe
                  # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
                  #
                  #bsmtp unix - n n - - pipe
                  # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
                  #
                  #scalemail-backend unix - n n - 2 pipe
                  # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
                  # ${nexthop} ${user} ${extension}
                  #
                  #mailman unix - n n - - pipe
                  # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
                  # ${nexthop} ${user}

                  # AV scan filter (used by content_filter)
                  scan unix - - n - 16 smtp
                    -o smtp_send_xforward_command=yes

                  # For injecting mail back into postfix from the filter
                  127.0.0.1:10026 inet n - n - 16 smtpd
                    -o content_filter=
                    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
                    -o smtpd_helo_restrictions=
                    -o smtpd_client_restrictions=
                    -o smtpd_sender_restrictions=
                    -o smtpd_recipient_restrictions=permit_mynetworks,reject
                    -o mynetworks_style=host
                    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
                  retry unix - - n - - error



                  >> Make sure your NAT implementation does not nat your smtp traffic.
                  >
                  > I'm starting to wonder if this isn't the case...
                  > However would be confusing to me if it is!
                  >

                  >looks like it may be the case. which NAT do you use? is it an external
                  >box or is it pf or ipf on the same box (with pf or ipf, use pfctl or
                  >ipnat to see nat rules and states).

                  Ipfw used:
                  Relevant rule:
                  00025 25672291 13377857559 divert 8668 ip from any to any via em0

                  Nat setup in rc.conf:

                  #Nat
                  natd_enable="YES" # Enable NATD function
                  natd_flags="-dynamic"
                  natd_interface="em0" # interface name of public Internet NIC


                  Interfaces:

                  em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                  options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
                  ether 00:30:48:90:c8:28
                  inet 196.212.65.186 netmask 0xfffffff8 broadcast 196.212.65.191
                  inet 196.212.65.187 netmask 0xfffffff8 broadcast 196.212.65.191
                  media: Ethernet autoselect (100baseTX <full-duplex>)
                  status: active

                  Would have been simple if I had two isp's could simply redirect 25 traffic
                  to one I want...


                  >if you can disable NAT while you run a test, do so (you can still send
                  >me test mail).

                  Won't be able to on this machine, too many users :<

                  >you can tcpdump while you send mail (feel free to send it to me) and see
                  >which source IP is used.

                  > And Thanks guys for trying to help!
                  > I might be a bit moody, but I'm sure you understand the pressure when things
                  > like this happen!

                  >yep. good luck.

                  Need it!

                • mouss
                  Message 8 of 16, Sep 3, 2008
                    Marcel Grandemange wrote:
                    >> looks like it may be the case. which NAT do you use? is it an external
                    >> box or is it pf or ipf on the same box (with pf or ipf, use pfctl or
                    >> ipnat to see nat rules and states).
                    >
                    > Ipfw used:
                    > Relevant rule:
                    > 00025 25672291 13377857559 divert 8668 ip from any to any via em0
                    >

                    I don't speak ipfw (I don't like it) but if this rule maps all traffic,
                    then that's your problem. you should ask on a freebsd or ipfw list.

                    PS. you must really understand the difference between network interfaces
                    and IP addresses. Here, you have one interface and two IPs. your NAT
                    rules must take IPs into account, otherwise the "primary" IP of the
                    interface is assumed.
                  • Marcel Grandemange
                    Message 9 of 16, Sep 3, 2008
                      Marcel Grandemange wrote:
                      >> looks like it may be the case. which NAT do you use? is it an external
                      >> box or is it pf or ipf on the same box (with pf or ipf, use pfctl or
                      >> ipnat to see nat rules and states).
                      >
                      > Ipfw used:
                      > Relevant rule:
                      > 00025 25672291 13377857559 divert 8668 ip from any to any via em0
                      >

                      >I don't speak ipfw (I don't like it) but if this rule maps all traffic,
                      >then that's your problem. you should ask on a freebsd or ipfw list.

                      >PS. you must really understand the difference between network interfaces
                      >and IP addresses. Here, you have one interface and two IPs. your NAT
                      >rules must take IPs into account, otherwise the "primary" IP of the
                      >interface is assumed.

                      Solved it!!!! It was NAT! Flipping thing wasn't set to ONLY NAT unregistered
                      private ip addresses!

                      Thank You, So Much for your time, essentially you put me on right track!


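The two checks mouss asks for in the thread (look for a master.cf option that overrides smtp_bind_address, then tcpdump to see which source IP actually leaves the box), written out as an added example that is not part of any poster's message. The .186/.187 addresses are the thread's; the capture lines, remote addresses and master.cf sample are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: verify on the wire which source address outbound SMTP uses,
# and look for master.cf overrides of smtp_bind_address.

BIND_ADDR=196.212.65.187   # smtp_bind_address from the posted postconf -n

# Constructed `tcpdump -n -i em0` output (SYN packets only) while NAT still
# rewrites every packet leaving em0 to the interface's primary address.
sample_before_fix() {
cat <<'EOF'
09:41:02.118201 IP 196.212.65.186.51234 > 192.0.2.25.25: Flags [S], seq 1000, win 65535, length 0
09:41:02.530114 IP 196.212.65.186.40112 > 203.0.113.80.80: Flags [S], seq 2000, win 65535, length 0
09:41:03.004410 IP 196.212.65.186.51240 > 198.51.100.7.25: Flags [S], seq 3000, win 65535, length 0
EOF
}

# Constructed capture after NAT is limited to private source addresses.
sample_after_fix() {
cat <<'EOF'
09:55:10.220871 IP 196.212.65.187.49870 > 192.0.2.25.25: Flags [S], seq 4000, win 65535, length 0
09:55:10.871002 IP 196.212.65.186.40150 > 203.0.113.80.80: Flags [S], seq 5000, win 65535, length 0
EOF
}

# Constructed master.cf fragment with one live and one commented-out override.
sample_master_cf() {
cat <<'EOF'
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=196.212.65.186
# -o smtp_bind_address=192.0.2.1
EOF
}

# stdin: tcpdump -n lines. stdout: unique IPv4 source addresses of packets
# whose destination port is 25.
smtp_source_ips() {
    awk '$2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)              # "192.0.2.25.25:" -> "192.0.2.25.25"
        n = split(dst, d, ".")
        if (n != 5 || d[5] != "25") next
        sub(/\.[0-9]+$/, "", src)       # drop the source port
        print src
    }' | sort -u
}

# stdin: tcpdump -n lines; $1: address Postfix is configured to bind to.
# Returns 0 if all SMTP traffic left from $1, 1 if another source address was
# seen (something after Postfix rewrote it), 2 if no SMTP was captured at all.
check_smtp_source() {
    expected=$1
    seen=$(smtp_source_ips)
    [ -n "$seen" ] || { echo "no outbound SMTP packets in capture" >&2; return 2; }
    bad=$(printf '%s\n' "$seen" | grep -v -x -F -- "$expected" || true)
    [ -z "$bad" ] || { echo "SMTP left from unexpected source: $bad" >&2; return 1; }
}

# stdin: master.cf. stdout: numbered lines where a live (uncommented)
# "-o smtp_bind_address=" option overrides the main.cf value.
bind_overrides() {
    grep -n -E '^[^#]*-o[[:space:]]+smtp_bind_address=' || true
}

# Demo on the constructed inputs.
sample_before_fix | check_smtp_source "$BIND_ADDR" \
    || echo "before: Postfix binds to $BIND_ADDR but the wire shows another source"
sample_after_fix | check_smtp_source "$BIND_ADDR" \
    && echo "after: SMTP leaves from $BIND_ADDR"
echo "master.cf overrides found:"
sample_master_cf | bind_overrides
```

On a live host the input would come from something like `tcpdump -n -i em0 'tcp dst port 25'` run while a test message is sent. Marcel's description of the fix matches natd's `-unregistered_only` option, though the thread does not show the final NAT configuration.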