DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
WAN Aliases - multiple public IP setup (Vigor 2600v)
06 Aug 2009 13:28 #57043
by kangarolf
WAN Aliases - multiple public IP setup (Vigor 2600v) was created by kangarolf
Hi all,
I've never set up a router with multiple public IPs and I am looking for some help.
I have a Vigor 2600v.
This requirement has come about from the more stringent checks large email companies are now doing on incoming mail, such as Yahoo, AOL and Gmail. We run a number of domains from one office and until now have used one mailserver with multiple domain accounts to handle our mail. Unfortunately this means that any reverse DNS lookup on our sending IPs only results in our main IP address and the PTR record for that, which may not match the domain that the email is purporting to be from.
So we have obtained a range of IP addresses from the service provider in order that we can have separate PTR records for each one that will match the mail domain they are meant to be servicing.
My question(s) is this:
I have entered the new IPs in the WAN aliases box and they are now available on the open ports menu.
1 - It looks to me that if you want traffic from the internal mail server to be tagged as coming from one of the WAN alias IPs you need to create a DMZ entry for it. Is this correct? Otherwise, as I see it, traffic will be routed into the LAN machine fine from an alias IP, but when it responds or talks out of the LAN it will appear to come from the main WAN IP, not the alias.
If this is the case then we must either have multiple machines to run the email from multiple domains, or have multiple NICs in the machines, each with a different IP.
Also, if I set up a DMZ host, is all traffic on all ports then allowed through to that local LAN IP? I think it will and that sounds awful!
Thanks
Rolf
07 Aug 2009 09:16 #57067
by kangarolf
Replied by kangarolf on topic Answer
I've tested and discovered my own answer so I'll post here.
In order for an internal PC's outgoing traffic to appear to originate from a WAN Alias (a further IP specified in the WAN Alias section of the ADSL setup pages, distinct from the main IP assigned to the router by the provider), that PC must be placed in the DMZ.
By default all ports are stealthed within NAT; however, the DMZ setting overrides this and all ports are now OPEN.
You must then set up the IP filter/firewall to disable all traffic on all ports to the DMZ PC's IP. Then create selective rules to open those ports for the traffic you are serving: web, email etc.
There doesn't appear to be a way to stealth the ports on a machine within the DMZ without a further firewall. All ports will appear open, but traffic will not be allowed through if you have set the IP filter correctly.
Rolf
Moderators: Chris, Sami