Re: NAT

From: Brian (signal@shreve.net)
Date: Fri Jul 07 2000 - 22:09:18 EDT


As far as your "examples" go, I don't see where a whole lot of NAT magic
is needed. Yes, you can have the two inside IPs translate to the single
external IP; that is not a problem. Then regardless of which
server "originates" a connection, the outside world is only going to be
aware of the "outside" IP of 206.132.75.196, and so as long as the
PTR is correct, then it will be fine.

In your examples you only talked of the "inside" addresses originating
connections to mailservers. Will you also want incoming connections
originated from the outside, to sort of round-robin balance between the
two inside addresses a la "server load balancing"?

Brian

On Fri, 7 Jul 2000, The Green Avenger wrote:

> I have a NAT question for everyone. I am wondering if it is possible to
> statically map a single external (world routable) IP address to more than
> one specific internal (unroutable) IP address. That is, can I configure
> our router to translate the traffic from 172.16.2.22 and 172.16.2.23 to
> 206.132.75.212?
>
> The reason I would want to do this is so that I can install mail servers
> that identify themselves with the same name on the two machines on the 172
> network, and that will resolve correctly when a remote mail server does a
> reverse lookup.
>
> Fig 1:
>
>   IP: 172.16.2.22
>   sysname: mail001.example.com
>   mailer name: mailer.example.com
>   +---------+           |           NAT IP: 206.132.75.196
>   |         |           |           A RR: mailer.example.com
>   | mail001 +-----------+           PTR RR: mailer.example.com
>   |         |           |           +---------+
>   +---------+           |           |         |
>                         +-----------+  rtr 1  |
>   +---------+           |           |         |
>   |         |           |           +---------+
>   | mail002 +-----------+
>   |         |           |
>   +---------+           |
>   IP: 172.16.2.23
>   sysname: mail002.example.com
>   mailer name: mailer.example.com
>
>
> For example, suppose mail001 originates a connection to mx.cisco.com and
> identifies itself as mailer.example.com. mx.cisco.com identifies that this
> connection is coming from mailer.example.com at IP 206.132.75.196. Being
> a well-configured mailer, mx.cisco.com does a reverse DNS lookup to verify
> that the PTR resource record for 206.132.75.196 maps to
> mailer.example.com. It does, and mx.cisco.com takes the mail. A moment
> later, mail002 originates a connection to mx.cisco.com and identifies
> itself as mailer.example.com. mx.cisco.com again identifies that this
> connection is coming from mailer.example.com at IP 206.132.75.196. It
> checks the PTR again, and it matches, and it takes the mail.
>
> Is this configuration possible with Cisco's implementation of NAT? I know
> of other NAT implementations that would support this configuration. (The
> mailer configuration is not a problem.)
>
> Thanks a bunch,
> Marc
>

-----------------------------------------------------
Brian Feeny (BF304) signal@shreve.net
318-222-2638 x 109 http://www.shreve.net/~signal
Network Administrator ShreveNet Inc. (ASN 11881)
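
Added example, not part of either message: a small Python model of the many-to-one source translation discussed in this thread and of the check the receiving mailer performs. The addresses and host names are the thread's; the port numbers, the DNS tables, the forward A-record confirmation and all function names are assumptions made for the illustration.

```python
"""Constructed model of many-to-one source NAT (PAT) plus the receiving
mailer's reverse-DNS check. Addresses and names are the thread's; the port
numbers, DNS tables and function names are made up for this example."""
import itertools

OUTSIDE_IP = "206.132.75.196"
# Constructed DNS data matching the A and PTR records shown in Fig 1.
PTR = {"206.132.75.196": "mailer.example.com"}
A = {"mailer.example.com": "206.132.75.196"}


class Pat:
    """Port address translation: many inside hosts share one outside IP."""

    def __init__(self, outside_ip, first_port=1024):
        self.outside_ip = outside_ip
        self._ports = itertools.count(first_port)
        self.out = {}    # (inside_ip, inside_port) -> outside_port
        self.back = {}   # outside_port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        """Rewrite the source of a packet leaving the inside network."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = key
        return self.outside_ip, self.out[key]

    def inbound(self, dst_port):
        """Map a reply back to the inside host; None if no session exists."""
        return self.back.get(dst_port)


def receiver_accepts(peer_ip, helo_name):
    """Receiving mailer's check: PTR of the peer must equal the HELO name,
    and that name's A record must point back at the peer."""
    name = PTR.get(peer_ip)
    return name is not None and name == helo_name and A.get(name) == peer_ip


def demo():
    nat = Pat(OUTSIDE_IP)
    results = []
    for inside_ip in ("172.16.2.22", "172.16.2.23"):   # mail001, mail002
        peer_ip, peer_port = nat.outbound(inside_ip, 40000)  # same source port on both
        results.append((peer_ip, peer_port, receiver_accepts(peer_ip, "mailer.example.com")))
    return nat, results
```

Both inside hosts leave with the same outside address and distinct outside ports, so the PTR check passes for each, while an inbound packet to a port with no existing session has no mapping to either server.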


