Two different IP for one mx

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
24 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Two different IP for one mx

jin&hitman&Barracuda
Hi

We are tring to move our mx server to another isp. They gave us an IP address but there is some strange points. When i try to connect any mail related port on that ip, it send my connection to our new postfix server. There is a destination nat on it. It is strange becouse i can't see my actual source ip. I tried with many different hosts and It looks like there is a source nat and i saw same ip as my source ip wherever i try. 

From new postfix server,  when i try to reach any server on internet, i see another ip address on the source ip field and it is fixed too.

I believe there is a mistake. Could it be feasible two different ip for incoming and outgoing on one mx server ?
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Kevin A. McGrail
On 1/29/2018 4:09 PM, jin&hitman&Barracuda wrote:

> We are tring to move our mx server to another isp. They gave us an IP
> address but there is some strange points. When i try to connect any
> mail related port on that ip, it send my connection to our new postfix
> server. There is a destination nat on it. It is strange becouse i
> can't see my actual source ip. I tried with many different hosts and
> It looks like there is a source nat and i saw same ip as my source ip
> wherever i try.
>
> From new postfix server,  when i try to reach any server on internet,
> i see another ip address on the source ip field and it is fixed too.
>
> I believe there is a mistake. Could it be feasible two different ip
> for incoming and outgoing on one mx server ?
With NAT it could definitely be possible.  What's your machines local ip
address with ifconfig?  Is it a reserved private address?

Regards,
KAM
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

jin&hitman&Barracuda


On 30 Jan 2018 12:56 a.m., "Kevin A. McGrail" <[hidden email]> wrote:
On 1/29/2018 4:09 PM, jin&hitman&Barracuda wrote:
We are tring to move our mx server to another isp. They gave us an IP address but there is some strange points. When i try to connect any mail related port on that ip, it send my connection to our new postfix server. There is a destination nat on it. It is strange becouse i can't see my actual source ip. I tried with many different hosts and It looks like there is a source nat and i saw same ip as my source ip wherever i try.

From new postfix server,  when i try to reach any server on internet, i see another ip address on the source ip field and it is fixed too.

I believe there is a mistake. Could it be feasible two different ip for incoming and outgoing on one mx server ?
With NAT it could definitely be possible.  What's your machines local ip address with ifconfig?  Is it a reserved private address?

Regards,
KAM

Hi
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Kevin A. McGrail
On 1/29/2018 5:03 PM, jin&hitman&Barracuda wrote:
It is 192.168.34.30/24

So that's a Class C (256 IPs) block from the reserved private class B address block*.  So you are definitely NATted if you have access to the internet. 

If you have a 1:1 NAT and can do port forwards, etc. up stream, it will work.  But it sounds like you have something more complicated in front of that box.

Regards,

KAM

*https://en.wikipedia.org/wiki/Reserved_IP_addresses or RFC 1918 but these are the reserved private network addresses.

10.x.x.x

172.16.x x to 172.31.x.x

192.168.x.x

Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Paul Enlund-2
In reply to this post by jin&hitman&Barracuda


On 29/01/2018 21:09, jin&hitman&Barracuda wrote:

> Hi
>
> We are tring to move our mx server to another isp. They gave us an IP
> address but there is some strange points. When i try to connect any
> mail related port on that ip, it send my connection to our new postfix
> server. There is a destination nat on it. It is strange becouse i
> can't see my actual source ip. I tried with many different hosts and
> It looks like there is a source nat and i saw same ip as my source ip
> wherever i try.
>
> From new postfix server,  when i try to reach any server on internet,
> i see another ip address on the source ip field and it is fixed too.
>
> I believe there is a mistake. Could it be feasible two different ip
> for incoming and outgoing on one mx server ?
What is the source IP you see making connections to your new postfix
server ?


Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

jin&hitman&Barracuda


On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:


On 29/01/2018 21:09, jin&hitman&Barracuda wrote:
Hi

We are tring to move our mx server to another isp. They gave us an IP address but there is some strange points. When i try to connect any mail related port on that ip, it send my connection to our new postfix server. There is a destination nat on it. It is strange becouse i can't see my actual source ip. I tried with many different hosts and It looks like there is a source nat and i saw same ip as my source ip wherever i try.

From new postfix server,  when i try to reach any server on internet, i see another ip address on the source ip field and it is fixed too.

I believe there is a mistake. Could it be feasible two different ip for incoming and outgoing on one mx server ?
What is the source IP you see making connections to your new postfix server ?



It is 172.27.203.20
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Matus UHLAR - fantomas
On 30.01.18 00:09, jin&hitman&Barracuda wrote:
>In-Reply-To: <[hidden email]>
>References: <[hidden email]>
> <CALdev8fMW22bRAnyDYsRbcqjAcNUitUUqB=[hidden email]>

hell, how did you create this e-mail? it looks like reply to thread with
another 9 e-mails.  (Plese send new post when asking new question)

>We are tring to move our mx server to another isp. They gave us an IP
>address but there is some strange points. When i try to connect any mail
>related port on that ip, it send my connection to our new postfix server.

this is expected, isn't it?

>There is a destination nat on it. It is strange becouse i can't see my
>actual source ip. I tried with many different hosts and It looks like there
>is a source nat and i saw same ip as my source ip wherever i try.

this is also expected, when you have server on network with private IPs.

>From new postfix server,  when i try to reach any server on internet, i see
>another ip address on the source ip field and it is fixed too.
>
>I believe there is a mistake. Could it be feasible two different ip for
>incoming and outgoing on one mx server ?

it's apparently a mistake, but might not be a problem.
the incoming IP and outgoing IP don't need be the same, although it's
easier when they are.

>On 30 Jan 2018 12:56 a.m., "Kevin A. McGrail" <[hidden email]> wrote:
>With NAT it could definitely be possible.  What's your machines local ip
>address with ifconfig?  Is it a reserved private address?

On 30.01.18 01:03, jin&hitman&Barracuda wrote:
>It is 192.168.34.30/24

this is a private address, not visible in the internet.

>On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:
>What is the source IP you see making connections to your new postfix server
>?

On 30.01.18 09:28, jin&hitman&Barracuda wrote:
>It is 172.27.203.20

this is also a private address and it should not appear in the public
internet. Should not be a problem between servers.

If you see this IP when you connect to your postfix from the internet,
complain to your new ISP immediately. Connections from outside should not be
NATted.

let's clear things up:

- which IP do you have when mailing to the outside?
- which IP you have to connect from outside in order to get to your mail server?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows.   -- Matthew D. Fuller
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

jin&hitman&Barracuda


2018-01-30 12:03 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
On 30.01.18 00:09, jin&hitman&Barracuda wrote:
In-Reply-To: <[hidden email]>
References: <[hidden email]>
<CALdev8fMW22bRAnyDYsRbcqjAcNUitUUqB=[hidden email]>

hell, how did you create this e-mail? it looks like reply to thread with
another 9 e-mails.  (Plese send new post when asking new question)

We are tring to move our mx server to another isp. They gave us an IP
address but there is some strange points. When i try to connect any mail
related port on that ip, it send my connection to our new postfix server.

this is expected, isn't it?

There is a destination nat on it. It is strange becouse i can't see my
actual source ip. I tried with many different hosts and It looks like there
is a source nat and i saw same ip as my source ip wherever i try.

this is also expected, when you have server on network with private IPs.

From new postfix server,  when i try to reach any server on internet, i see
another ip address on the source ip field and it is fixed too.

I believe there is a mistake. Could it be feasible two different ip for
incoming and outgoing on one mx server ?

it's apparently a mistake, but might not be a problem. the incoming IP and outgoing IP don't need be the same, although it's
easier when they are.

On 30 Jan 2018 12:56 a.m., "Kevin A. McGrail" <[hidden email]> wrote:
With NAT it could definitely be possible.  What's your machines local ip
address with ifconfig?  Is it a reserved private address?

On 30.01.18 01:03, jin&hitman&Barracuda wrote:
It is 192.168.34.30/24

this is a private address, not visible in the internet.

On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:
What is the source IP you see making connections to your new postfix server
?

On 30.01.18 09:28, jin&hitman&Barracuda wrote:
It is 172.27.203.20

this is also a private address and it should not appear in the public
internet. Should not be a problem between servers.

If you see this IP when you connect to your postfix from the internet,
complain to your new ISP immediately. Connections from outside should not be
NATted.

let's clear things up:

- which IP do you have when mailing to the outside?
- which IP you have to connect from outside in order to get to your mail server?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows.   -- Matthew D. Fuller


When I reach to another host, I see this address 213.74.AAA.114 as my source
When I connect to new postfix I use this IP  213.14.BBB.59


--
There is no place like "/home"
From HemiB A R R A C U D A !
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Matus UHLAR - fantomas
>> On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:
>>> What is the source IP you see making connections to your new postfix
>>> server
>>> ?
>>>
>>
>> On 30.01.18 09:28, jin&hitman&Barracuda wrote:
>>> It is 172.27.203.20

>2018-01-30 12:03 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
>> this is also a private address and it should not appear in the public
>> internet. Should not be a problem between servers.
>>
>> If you see this IP when you connect to your postfix from the internet,
>> complain to your new ISP immediately. Connections from outside should not
>> be
>> NATted.

once again, when you connect from outside to 213.14.BBB.59, do you see the
connection coming from 172.27.203.20?

If so, this will hardly spoil any blacklisting or whitelisting and of course
spam detection. Ask the ISP for not doing source NAT when connecting from
outside to inside.

>> let's clear things up:
>>
>> - which IP do you have when mailing to the outside?
>> - which IP you have to connect from outside in order to get to your mail
>> server?

On 30.01.18 13:01, jin&hitman&Barracuda wrote:
>When I reach to another host, I see this address 213.74.AAA.114 as my source
>When I connect to new postfix I use this IP  213.14.BBB.59

no problem - you just need to have proper valir reverse (and forward) DNS
records for 213.74.AAA.114, while MX can point to 213.14.BBB.59

however I would ask the ISP if they can't provide the same IP, for easier
troubleshooting.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

jin&hitman&Barracuda


2018-01-30 13:29 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:
What is the source IP you see making connections to your new postfix
server
?


On 30.01.18 09:28, jin&hitman&Barracuda wrote:
It is 172.27.203.20

2018-01-30 12:03 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
this is also a private address and it should not appear in the public
internet. Should not be a problem between servers.

If you see this IP when you connect to your postfix from the internet,
complain to your new ISP immediately. Connections from outside should not
be
NATted.

once again, when you connect from outside to 213.14.BBB.59, do you see the
connection coming from 172.27.203.20?

If so, this will hardly spoil any blacklisting or whitelisting and of course
spam detection. Ask the ISP for not doing source NAT when connecting from
outside to inside.

let's clear things up:

- which IP do you have when mailing to the outside?
- which IP you have to connect from outside in order to get to your mail
server?

On 30.01.18 13:01, jin&hitman&Barracuda wrote:
When I reach to another host, I see this address 213.74.AAA.114 as my source
When I connect to new postfix I use this IP  213.14.BBB.59

no problem - you just need to have proper valir reverse (and forward) DNS
records for 213.74.AAA.114, while MX can point to 213.14.BBB.59

however I would ask the ISP if they can't provide the same IP, for easier
troubleshooting.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.

Sorry I missed your questions. Yes I saw connections coming from 172.27.203.20 and it was me.
I believe this setup is not fit mail servers. Becouse I prefer to use fail2ban for brute force attacks and fail2ban depends source IP address.
In this setup I can't see source IP. Also I'll use iptables as a permanent filter for some IPv4 blocks (like china).  


Can anyone tell me that this setup has any benefit ? 

--
There is no place like "/home"
From HemiB A R R A C U D A !
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Matus UHLAR - fantomas
>> On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:
>>>>> What is the source IP you see making connections to your new postfix
>>>>> server ?

>>>> On 30.01.18 09:28, jin&hitman&Barracuda wrote:
>>>>> It is 172.27.203.20

>> 2018-01-30 12:03 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
>>>> If you see this IP when you connect to your postfix from the internet,
>>>> complain to your new ISP immediately.  Connections from outside should
>>>> not be NATted.

>2018-01-30 13:29 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
>> once again, when you connect from outside to 213.14.BBB.59, do you see
>> the connection coming from 172.27.203.20?

On 30.01.18 14:07, jin&hitman&Barracuda wrote:
>Sorry I missed your questions.

not misread, you have answered them properly.

> Yes I saw connections coming
>from 172.27.203.20 and it was me.

it was you in what way?  were you connecting from inside IP (192.168.*) to
your public IP (213.14.BBB.59) and saw the connection coming from
172.27.203.20?

That one is called NAT loobback and is required in such case.
In this case, 172.27.203.20 only means that the real source is in your
internal network.

The real problem happens, when you connect from the internet IP and will see
172.27.203.20 there.

Which IP you see connecting on your mail server, when you connect from the
internet?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

jin&hitman&Barracuda


2018-01-30 14:16 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:
What is the source IP you see making connections to your new postfix
server ?

On 30.01.18 09:28, jin&hitman&Barracuda wrote:
It is 172.27.203.20

2018-01-30 12:03 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
If you see this IP when you connect to your postfix from the internet,
complain to your new ISP immediately.  Connections from outside should
not be NATted.

2018-01-30 13:29 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
once again, when you connect from outside to 213.14.BBB.59, do you see
the connection coming from 172.27.203.20?

On 30.01.18 14:07, jin&hitman&Barracuda wrote:
Sorry I missed your questions.

not misread, you have answered them properly.

Yes I saw connections coming
from 172.27.203.20 and it was me.

it was you in what way?  were you connecting from inside IP (192.168.*) to
your public IP (213.14.BBB.59) and saw the connection coming from
172.27.203.20?

That one is called NAT loobback and is required in such case.
In this case, 172.27.203.20 only means that the real source is in your
internal network.

The real problem happens, when you connect from the internet IP and will see
172.27.203.20 there.

Which IP you see connecting on your mail server, when you connect from the
internet?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.

> Which IP you see connecting on your mail server, when you connect from the
> internet?

When I connecting from internet (for example from 149.XXX.164.55) I did run tcpdump command on postfix server and all incoming connections have same source IP and it is 172.27.203.20. I doesn't matter where I choose to connect I see same IP as source. 

> it was you in what way?  were you connecting from inside IP (192.168.*) to
> your public IP (213.14.BBB.59) and saw the connection coming from
> 172.27.203.20?

No, not inside in postfix server's network. I tried from outside. The new postfix is not running as prod. Still testing and no DNS record published yet. There is only me. 



--
There is no place like "/home"
From HemiB A R R A C U D A !
CP
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

CP
In reply to this post by jin&hitman&Barracuda
On 01/29/2018 11:09 PM, jin&hitman&Barracuda wrote:
> Hi
>
> We are tring to move our mx server to another isp.

You have two postfix installations then, one in your current MX record
and a new
which is not yet published on DNS . Is that correct ?

> They gave us an IP address but there is some strange points. When i
> try to connect any mail related port on that ip, it send my connection
> to our new postfix server. There is a destination nat on it. It is
> strange becouse i can't see my actual source ip. I tried with many
> different hosts and It looks like there is a source nat and i saw same
> ip as my source ip wherever i try.

Are you talking about telnet to this IP to check if it works OR you're
trying to send SMTP ? if the later is the your  case
then it works as it supposed to , your MX record is on your current
installation not the new one .

>
> From new postfix server,  when i try to reach any server on internet,
> i see another ip address on the source ip field and it is fixed too.
>
> I believe there is a mistake. Could it be feasible two different ip
> for incoming and outgoing on one mx server ?

George
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Bill Shirley
In reply to this post by Matus UHLAR - fantomas
On the new Postfix server, are you using DHCP client on the WAN interface
to get a IP address?  You should not be.  You should assign your public address
to the WAN interface.

I have static addresses with my ISP.  My ISP's modem will hand out private addresses
if I use DHCP client.  I don't configure my server to use DHCP; I have it set up to
use the public address.

Bill


On 1/30/2018 4:03 AM, Matus UHLAR - fantomas wrote:

> On 30.01.18 00:09, jin&hitman&Barracuda wrote:
>> In-Reply-To: <[hidden email]>
>> References: <[hidden email]>
>> <CALdev8fMW22bRAnyDYsRbcqjAcNUitUUqB=[hidden email]>
>
> hell, how did you create this e-mail? it looks like reply to thread with
> another 9 e-mails.  (Plese send new post when asking new question)
>
>> We are tring to move our mx server to another isp. They gave us an IP
>> address but there is some strange points. When i try to connect any mail
>> related port on that ip, it send my connection to our new postfix server.
>
> this is expected, isn't it?
>
>> There is a destination nat on it. It is strange becouse i can't see my
>> actual source ip. I tried with many different hosts and It looks like there
>> is a source nat and i saw same ip as my source ip wherever i try.
>
> this is also expected, when you have server on network with private IPs.
>
>> From new postfix server,  when i try to reach any server on internet, i see
>> another ip address on the source ip field and it is fixed too.
>>
>> I believe there is a mistake. Could it be feasible two different ip for
>> incoming and outgoing on one mx server ?
>
> it's apparently a mistake, but might not be a problem. the incoming IP and outgoing IP don't need be the same, although it's
> easier when they are.
>
>> On 30 Jan 2018 12:56 a.m., "Kevin A. McGrail" <[hidden email]> wrote:
>> With NAT it could definitely be possible.  What's your machines local ip
>> address with ifconfig?  Is it a reserved private address?
>
> On 30.01.18 01:03, jin&hitman&Barracuda wrote:
>> It is 192.168.34.30/24
>
> this is a private address, not visible in the internet.
>
>> On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:
>> What is the source IP you see making connections to your new postfix server
>> ?
>
> On 30.01.18 09:28, jin&hitman&Barracuda wrote:
>> It is 172.27.203.20
>
> this is also a private address and it should not appear in the public
> internet. Should not be a problem between servers.
>
> If you see this IP when you connect to your postfix from the internet,
> complain to your new ISP immediately. Connections from outside should not be
> NATted.
>
> let's clear things up:
>
> - which IP do you have when mailing to the outside?
> - which IP you have to connect from outside in order to get to your mail server?
>

Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Matus UHLAR - fantomas
In reply to this post by jin&hitman&Barracuda
>>>>>> If you see this IP when you connect to your postfix from the internet,
>>>>>> complain to your new ISP immediately.  Connections from outside
>>>>>> should not be NATted.

On 30.01.18 14:34, jin&hitman&Barracuda wrote:
>When I connecting from internet (for example from 149.XXX.164.55) I did run
>tcpdump command on postfix server and all incoming connections have same
>source IP and it is 172.27.203.20. I doesn't matter where I choose to
>connect I see same IP as source.

OK, my original words apply.

complain to your ISP, they should not SNAT incoming connections from the
internet to your server.

until then, I recommend you not move the server to them.


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

jin&hitman&Barracuda
In reply to this post by CP


2018-01-30 14:42 GMT+03:00 G <[hidden email]>:
On 01/29/2018 11:09 PM, jin&hitman&Barracuda wrote:
Hi

We are tring to move our mx server to another isp.

You have two postfix installations then, one in your current MX record and a new
which is not yet published on DNS . Is that correct ?

They gave us an IP address but there is some strange points. When i try to connect any mail related port on that ip, it send my connection to our new postfix server. There is a destination nat on it. It is strange becouse i can't see my actual source ip. I tried with many different hosts and It looks like there is a source nat and i saw same ip as my source ip wherever i try.

Are you talking about telnet to this IP to check if it works OR you're trying to send SMTP ? if the later is the your  case
then it works as it supposed to , your MX record is on your current installation not the new one .


From new postfix server,  when i try to reach any server on internet, i see another ip address on the source ip field and it is fixed too.

I believe there is a mistake. Could it be feasible two different ip for incoming and outgoing on one mx server ?

George

Hi George

> You have two postfix installations then, one in your current MX record and a new
> which is not yet published on DNS . Is that correct ?

Yes that is true. Actually the old mx is a QmailToaster but that is not the point. 

> Are you talking about telnet to this IP to check if it works OR you're trying to send SMTP ? if the later is the your  case
> then it works as it supposed to , your MX record is on your current installation not the new one .

Actually I ran tests with basic nc (like telnet) on TCP 110, 143 and 587. Tcp 25 is blocking state on some firewall I guess. 


Fatih
--
There is no place like "/home"
From HemiB A R R A C U D A !
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

jin&hitman&Barracuda
In reply to this post by Bill Shirley


2018-01-30 15:22 GMT+03:00 Bill Shirley <[hidden email]>:
On the new Postfix server, are you using DHCP client on the WAN interface
to get a IP address?  You should not be.  You should assign your public address
to the WAN interface.

I have static addresses with my ISP.  My ISP's modem will hand out private addresses
if I use DHCP client.  I don't configure my server to use DHCP; I have it set up to
use the public address.

Bill
 


On 1/30/2018 4:03 AM, Matus UHLAR - fantomas wrote:
On 30.01.18 00:09, jin&hitman&Barracuda wrote:
In-Reply-To: <[hidden email]>
References: <[hidden email]>
<CALdev8fMW22bRAnyDYsRbcqjAcNUitUUqB=[hidden email]>

hell, how did you create this e-mail? it looks like reply to thread with
another 9 e-mails.  (Plese send new post when asking new question)

We are tring to move our mx server to another isp. They gave us an IP
address but there is some strange points. When i try to connect any mail
related port on that ip, it send my connection to our new postfix server.

this is expected, isn't it?

There is a destination nat on it. It is strange becouse i can't see my
actual source ip. I tried with many different hosts and It looks like there
is a source nat and i saw same ip as my source ip wherever i try.

this is also expected, when you have server on network with private IPs.

From new postfix server,  when i try to reach any server on internet, i see
another ip address on the source ip field and it is fixed too.

I believe there is a mistake. Could it be feasible two different ip for
incoming and outgoing on one mx server ?

it's apparently a mistake, but might not be a problem. the incoming IP and outgoing IP don't need be the same, although it's
easier when they are.

On 30 Jan 2018 12:56 a.m., "Kevin A. McGrail" <[hidden email]> wrote:
With NAT it could definitely be possible.  What's your machines local ip
address with ifconfig?  Is it a reserved private address?

On 30.01.18 01:03, jin&hitman&Barracuda wrote:
It is 192.168.34.30/24

this is a private address, not visible in the internet.

On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:
What is the source IP you see making connections to your new postfix server
?

On 30.01.18 09:28, jin&hitman&Barracuda wrote:
It is 172.27.203.20

this is also a private address and it should not appear in the public
internet. Should not be a problem between servers.

If you see this IP when you connect to your postfix from the internet,
complain to your new ISP immediately. Connections from outside should not be
NATted.

let's clear things up:

- which IP do you have when mailing to the outside?
- which IP you have to connect from outside in order to get to your mail server?



Hi Bill

No, there is no DHCP. All I have is one interface and it's it has a fixed IP address (192.168.34.30)





--
There is no place like "/home"
From HemiB A R R A C U D A !
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

jin&hitman&Barracuda
In reply to this post by Matus UHLAR - fantomas


2018-01-30 16:42 GMT+03:00 Matus UHLAR - fantomas <[hidden email]>:
If you see this IP when you connect to your postfix from the internet,
complain to your new ISP immediately.  Connections from outside
should not be NATted.

On 30.01.18 14:34, jin&hitman&Barracuda wrote:
When I connecting from internet (for example from 149.XXX.164.55) I did run
tcpdump command on postfix server and all incoming connections have same
source IP and it is 172.27.203.20. I doesn't matter where I choose to
connect I see same IP as source.

OK, my original words apply.

complain to your ISP, they should not SNAT incoming connections from the
internet to your server.

until then, I recommend you not move the server to them.


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.


Fair enough,  I agree with you. 

Fatih
--
There is no place like "/home"
From HemiB A R R A C U D A !
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Karol Augustin
In reply to this post by jin&hitman&Barracuda

On 2018-01-30 14:08, jin&hitman&Barracuda wrote:



2018-01-30 15:22 GMT+03:00 Bill Shirley <[hidden email]>:
On the new Postfix server, are you using DHCP client on the WAN interface
to get a IP address?  You should not be.  You should assign your public address
to the WAN interface.

I have static addresses with my ISP.  My ISP's modem will hand out private addresses
if I use DHCP client.  I don't configure my server to use DHCP; I have it set up to
use the public address.

Bill
 


On 1/30/2018 4:03 AM, Matus UHLAR - fantomas wrote:
On 30.01.18 00:09, jin&hitman&Barracuda wrote:
In-Reply-To: <[hidden email]>
References: <[hidden email]>
<CALdev8fMW22bRAnyDYsRbcqjAcNUitUUqB=[hidden email]>

hell, how did you create this e-mail? it looks like reply to thread with
another 9 e-mails.  (Plese send new post when asking new question)

We are tring to move our mx server to another isp. They gave us an IP
address but there is some strange points. When i try to connect any mail
related port on that ip, it send my connection to our new postfix server.

this is expected, isn't it?

There is a destination nat on it. It is strange becouse i can't see my
actual source ip. I tried with many different hosts and It looks like there
is a source nat and i saw same ip as my source ip wherever i try.

this is also expected, when you have server on network with private IPs.

From new postfix server,  when i try to reach any server on internet, i see
another ip address on the source ip field and it is fixed too.

I believe there is a mistake. Could it be feasible two different ip for
incoming and outgoing on one mx server ?

it's apparently a mistake, but might not be a problem. the incoming IP and outgoing IP don't need be the same, although it's
easier when they are.

On 30 Jan 2018 12:56 a.m., "Kevin A. McGrail" <[hidden email]> wrote:
With NAT it could definitely be possible.  What's your machines local ip
address with ifconfig?  Is it a reserved private address?

On 30.01.18 01:03, jin&hitman&Barracuda wrote:
It is 192.168.34.30/24

this is a private address, not visible in the internet.

On 30 Jan 2018 3:43 a.m., "Paul" <[hidden email]> wrote:
What is the source IP you see making connections to your new postfix server
?

On 30.01.18 09:28, jin&hitman&Barracuda wrote:
It is 172.27.203.20

this is also a private address and it should not appear in the public
internet. Should not be a problem between servers.

If you see this IP when you connect to your postfix from the internet,
complain to your new ISP immediately. Connections from outside should not be
NATted.

let's clear things up:

- which IP do you have when mailing to the outside?
- which IP you have to connect from outside in order to get to your mail server?

Hi Bill
 
No, there is no DHCP. All I have is one interface and it's it has a fixed IP address (192.168.34.30)
 

From the information you provided it looks like problem is not fixable by you. It's ok to have private address configured on your server if it is properly translated upstream. Amazon does that. You have private IP configured on your machine but it is translated to the same public address for both incoming and outgoing connections. Talk to your ISP about this.


Karol



--
Karol Augustin
[hidden email]
http://karolaugustin.pl/
+353 85 775 5312
Reply | Threaded
Open this post in threaded view
|

Re: Two different IP for one mx

Bill Shirley
On 1/30/2018 9:15 AM, Karol Augustin wrote:
From the information you provided it looks like problem is not fixable by you. It's ok to have private address configured on your server if it is properly translated upstream. Amazon does that. You have private IP configured on your machine but it is translated to the same public address for both incoming and outgoing connections. Talk to your ISP about this.


Karol



--
Karol Augustin
[hidden email]
http://karolaugustin.pl/
+353 85 775 5312

In an earlier post:
Becouse I prefer to use fail2ban for brute force attacks and fail2ban depends source IP address.In this setup I can't see source IP. Also I'll use iptables as a permanent filter for some IPv4 blocks (like china).  

He needs to see the real public addresses of those who connect to this new server.


You said this machine has address 192.168.34.30/24.  Who gave it this address?

Bill

12