How to move server from behind NAT to DMZ

We have a block of IP addresses and have assigned various internet-facing servers public addresses using the following (on a


ip nat inside source static tcp i.i.i.i port e.e.e.e port extendable

Incoming and outgoing mail works just fine until the mail server reports its name as but with the public ip of the FastEthernet (NAT) interface. There are reverse dns issues and mail will occasionally be bounced:

Received: from (unknown [x.x.x.x]) by

(where x.x.x.x is the internet-facing interface of the 1760)

I'd like this to happen:

Received: from (unknown [x.x.x.y]) by

(where x.x.x.y is the public ip assigned to the mail server)

From what I've read, the mail server should sit in a dmz with its own

public ip address but I'm not too sure exactly how to make the change.

Presumably I pick an unused FastEthernet interface, enter "no shutdown" and hang a switch off that... but do I give it an ip address? Do I give the mail server a public ip, does it keep its private ip, does it need a new private ip for the dmz, or both? How does the routing work?

I think I know what to do but am stuck on how to go about it. A prod in the right direction would be very much appreciated.

Reply to
Loading thread data ...

This should solve your problem:

formatting link
sure that you have the smtp fixup enabled.


Reply to
Andre Janssen

Has that feature improved any or does it still clobber the 220 response and refuse to accept EHLO?

Reply to
Rod Dorman Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.