NAT question. Faking dynamic, but only allow incoming to 1 host

May 4th, 2010

I have 1 external IP address that is used for incoming mail.  That address is pointed via static to my Barracuda web filter.  My Exchange server falls under the standard dynamic NAT policy.  On some domains I have been getting NDR bounce backs because the source IP address does not match my MX record address (reverse DNS).

IE.. is the external IP address for my internal host  (my barracuda) is the external IP address for my internal dynamic nat.  (so all other hosts appear under this address, which includes my Exchange server).

Is it possible to mask / fake so that my exchange server appears to have the same external address as my barracuda to prevent these NDR reverse dns issues?  However I do not want anything that goes to to go directly to the exchange server.

astripat Wed, 05/05/2010 - 07:02


I assume that we have the following configuration:

static (inside,outside)

global (outside) 1

nat (inside) 1 0 0

Try the following:

no static (inside,outside)

static (inside,outside) tcp 25 25

no global (outside) 1

global (outside) 1

clear xlate

clear local

Let me know if that resolves the issue.
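
Added example (not from any poster in this thread): a small Python model of pre-8.3 static/nat/global matching that shows which outside address each inside host sends from, and what an outside connection can reach, with a full static versus a port-25-only static that shares its address with the PAT pool. The thread's addresses did not survive on the page, so every address here is a constructed placeholder, the AFTER config is one assumed reading of the suggestion above, and the model ignores access lists and NAT exemption.

```python
import ipaddress

# Constructed sample configs; all addresses are placeholders (RFC 5737 / RFC 1918).
# 10.0.0.5 = Barracuda, 10.0.0.6 = Exchange, 192.0.2.10 = address the MX record points to.
BEFORE = """
static (inside,outside) 192.0.2.10 10.0.0.5 netmask 255.255.255.255
global (outside) 1 192.0.2.20
nat (inside) 1 0 0
"""
AFTER = """
static (inside,outside) tcp 192.0.2.10 25 10.0.0.5 25 netmask 255.255.255.255
global (outside) 1 192.0.2.10
nat (inside) 1 0 0
"""

def parse(config):
    """Collect static, nat and global rules (simplified pre-8.3 syntax)."""
    rules = {"static": [], "nat": [], "global": {}}
    for t in (line.split() for line in config.strip().splitlines()):
        if t[0] == "static" and t[2] in ("tcp", "udp"):   # port redirection
            rules["static"].append((t[5], int(t[6]), t[3], int(t[4]), t[2]))
        elif t[0] == "static":                            # one-to-one static
            rules["static"].append((t[3], None, t[2], None, None))
        elif t[0] == "nat":                               # "0 0" means any source
            net = "0.0.0.0" if t[3] == "0" else t[3]
            rules["nat"].append((t[2], ipaddress.ip_network(f"{net}/{t[4]}")))
        elif t[0] == "global":
            rules["global"][t[2]] = t[3]
    return rules

def egress(rules, host, proto="tcp", src_port=40000):
    """Outside source address seen for a connection that `host` initiates."""
    for real, rport, mapped, _, sproto in rules["static"]:  # statics win first
        if real == host and (sproto is None or (sproto, rport) == (proto, src_port)):
            return mapped
    for nat_id, net in rules["nat"]:                        # then nat/global PAT
        if ipaddress.ip_address(host) in net and nat_id in rules["global"]:
            return rules["global"][nat_id]
    return None

def inbound(rules, outside_ip, port, proto="tcp"):
    """Inside host an unsolicited outside connection is translated to, if any."""
    for real, _, mapped, mport, sproto in rules["static"]:
        if mapped == outside_ip and (sproto is None or (sproto, mport) == (proto, port)):
            return real
    return None  # dynamic PAT alone gives outside hosts no path in
```

In this model the Exchange placeholder sends from 192.0.2.20 under BEFORE and from 192.0.2.10 under AFTER, while no outside connection is ever translated to it.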



bob.bartlett Wed, 05/05/2010 - 20:13

You should not do that as if the Exchange server gets hit with a virus or mass mailing bot you will get on the SPAM list and could have issues with the server.  You should point your Exchange server at the Barracuda as an SMTP smarthost and have it scan outbound.

