w2jo
newbie
Topic Author
Posts: 32
Joined: Fri May 28, 2004 5:40 pm

Hotspot passthrough for email (2.9.51)

Wed Jul 09, 2008 12:22 am

I have a new MT router under construction for hotspot use. This one uses a mail server that is on a "non fixed" ip address. So I have to figure out how to send mail server requests to (for example) <mail.coffeehouse.us>. I want to BLOCK ANY and all port 25 traffic to any other mail server excepting <mail.coffeehouse.us>. (In the alternative, simply sending ALL port 25 traffic originating on the hotspot side to <mail.coffeehouse.us> would be fine also.)

In my current design, I am able to a) get mail to the right place if I put a fixed IP address in my routing setup, and b) I am able to PING to <mail.coffeehouse.us> from the hotspot side. But I have not sorted out how to get things to work when I want to use <mail.coffeehouse.us:25> as the destination for all port 25 traffic. It would be just fine to reroute ALL port 25 traffic to <mail.coffeehouse.us> as opposed to just that with the server listed as mail.coffeehouse.us if that made the routing algorithm simpler.

Can someone detail for me the routing table setup lines I need for making outgoing mail from a mail client go through to the server <mail.coffeehouse.us> and in the MEANWHILE blocking all other hotspot originating traffic to any other port 25 excepting this one?

For the sake of argument, consider that the ether1 port is 192.168.1.5 and is the "public" side of the Mikrotik and that 10.5.50.x is the HOTSPOT side of the router on ether2.

Many Thanks for the help!
Joe
 
sergejs
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: Hotspot passthrough for email (2.9.51)

Wed Jul 09, 2008 3:55 pm

The problem is with the non-fixed IP address.
It means that you will need to run some script with the :resolve command that will update your rules to the correct IP address.
It's possible to run a dst-nat rule that catches all SMTP traffic and redirects it to the specified IP address.

ip firewall nat add action=dst-nat chain=dstnat dst-port=25 protocol=tcp to-addresses=MAIL_server_address

For MAIL_server_address you need to use a :resolve script to get the IP address of my.mailserver.com.

For the HotSpot there is a specific option in 'ip hotspot profile', smtp-server, where you can add the IP address of the SMTP server.
An automatic DST-NAT rule will be created for all users.
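
The :resolve approach described in the reply above, as an added example that is not part of the original posts: a script that re-resolves the mail host and keeps a single dst-nat rule pointed at the current address. It assumes RouterOS v6/v7 script syntax (not checked against 2.9.51), a hypothetical rule comment `hotspot-smtp-redirect`, and the ether2 / 10.5.50.x hotspot side from the first post, taken here as 10.5.50.0/24.

```routeros
# Added example, not from the thread. RouterOS v6/v7 syntax assumed.
# mailHost is the thread's example name; tag is a hypothetical comment
# used only to find the rule this script manages.
:local mailHost "mail.coffeehouse.us"
:local tag "hotspot-smtp-redirect"
:local newIp
:local resolved false

# :resolve raises an error when DNS fails. Catch it so that a lookup
# failure leaves the existing rule untouched instead of breaking it.
:do {
    :set newIp [:resolve $mailHost]
    :set resolved true
} on-error={
    :log warning ("smtp-redirect: cannot resolve " . $mailHost . ", rule unchanged")
}

:if ($resolved) do={
    :local ruleId [/ip firewall nat find where comment=$tag]
    :if ([:len $ruleId] = 0) do={
        # First run: create the rule. It matches only TCP/25 entering from
        # the hotspot side (interface and /24 subnet are assumptions).
        /ip firewall nat add chain=dstnat in-interface=ether2 \
            src-address=10.5.50.0/24 protocol=tcp dst-port=25 \
            action=dst-nat to-addresses=$newIp comment=$tag
        :log info ("smtp-redirect: rule created, target " . $newIp)
    } else={
        # Later runs: rewrite the target only when the address has changed.
        :local oldIp [/ip firewall nat get $ruleId to-addresses]
        :if ([:tostr $oldIp] != [:tostr $newIp]) do={
            /ip firewall nat set $ruleId to-addresses=$newIp
            :log info ("smtp-redirect: target " . $oldIp . " -> " . $newIp)
        }
    }
}
```

Run it periodically from /system scheduler. Limiting the rule to the hotspot interface and subnet keeps it from rewriting port 25 traffic that arrives on the public side.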
 
w2jo
newbie
Topic Author
Posts: 32
Joined: Fri May 28, 2004 5:40 pm

Re: Hotspot passthrough for email (2.9.51)

Wed Jul 09, 2008 5:54 pm

Sorry.. I left out one fact. A program called "Direct Update" in the mail server is keeping the IP address updated properly in the DNS server. So when a user executes a call to mail.coffeehouse.com, the DNS server will return the proper IP address which is the EXTERNAL IP address of the local LAN on which the mail server AND the Mikrotik are connected. The IP address of the local LAN is 192.168.168.X.

So.. The need is to have the MT intercept calls to mail.coffeehouse.com and internally translate these calls to (say) 192.168.168.5.

Is it possible to program the MT routes to do this?

In fact, I would be happy if any/all calls to port 25 and 110 were simply transferred to IP = 192.168.168.5. Maybe this is simpler to do??

Thanks
 
Chupaka
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Hotspot passthrough for email (2.9.51)

Thu Jul 10, 2008 2:36 am

"In fact, I would be happy if any/all calls to port 25 and 110 were simply transferred to IP = 192.168.168.5"

Just add a dst-nat rule with protocol=tcp, dst-port=25,110, action=dst-nat, to-addresses=192.168.168.5
