
NAT issue on router hindering reverse dns lookups?

Status
Not open for further replies.

paulgami

Technical User
Nov 22, 2004
11
US
We have a /27 block of IP addresses and have assigned various internet-facing servers public addresses using:

ip nat inside source static tcp i.i.i.i port e.e.e.e port extendable

The mail server, for example, will not report its address as e.e.e.e - it will instead report the address of the outside FastEthernet interface, which causes problems with reverse DNS lookups.

How can I get it to report the correct address?
 
Sounds like a mail software configuration issue - what server are you running? And why isn't it identifying itself with a hostname (more common)? And the point of reverse DNS is for the server "out there" to look at the actual incoming IP address of the SMTP server, not what it claims to be, and check for a reverse DNS entry. It then may compare the official reverse DNS entry to what your server claims to be and evaluate that, but my point is I think you're looking in the wrong place for the problem.
 
Yes, however, the problem is that the mail server announces itself as:

Received: from mail.example.com (unknown [111.111.111.111])
by mail.example2.com

That would be fine except 111.111.111.111 is the external NAT IP of the firewall and not the public address given to the mail server by:

ip nat inside source static tcp 10.10.10.114 25 111.111.111.114 25 extendable

Do I need to take the mail server outside of NAT into some kind of DMZ?
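
Added example (not part of the original thread): a sketch of the check a receiving mail server performs, as described in the reply above, run against the Received header quoted in the thread. The DNS tables are constructed stand-ins for real lookups, and the reading of the parenthesised name as the receiver's reverse lookup result is an assumption about the header format.

```python
import re

# Constructed DNS data (assumption): only the mail server's public address
# has a PTR record; the router's outside interface address has none.
PTR = {"111.111.111.114": "mail.example.com"}
A = {"mail.example.com": ["111.111.111.114"]}

# "from <HELO name> (<receiver's rDNS result> [<peer IP>])"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

def parse_received(header):
    """Return (HELO name, receiver's rDNS result, peer IP) from a Received line."""
    m = RECEIVED_RE.search(header)
    if not m:
        raise ValueError("unrecognised Received header")
    return m.group("helo"), m.group("rdns"), m.group("ip")

def fcrdns(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: PTR(ip) gives a name, A(name) must contain ip."""
    name = ptr.get(ip)
    if name is None:
        return None, "no PTR record"
    if ip not in a.get(name, []):
        return name, "PTR name does not resolve back to the IP"
    return name, "ok"

def evaluate(header, ptr=PTR, a=A):
    """Judge the peer by the IP the receiver saw, then compare with the HELO claim."""
    helo, _, ip = parse_received(header)
    name, status = fcrdns(ip, ptr, a)
    same = name is not None and name.lower().rstrip(".") == helo.lower().rstrip(".")
    return {"peer_ip": ip, "helo": helo, "ptr_name": name,
            "fcrdns": status, "helo_matches_ptr": same}

if __name__ == "__main__":
    # First header is the one quoted in the thread; the second is constructed to
    # show the same server arriving from its own public address instead.
    for hdr in (
        "Received: from mail.example.com (unknown [111.111.111.111])",
        "Received: from mail.example.com (mail.example.com [111.111.111.114])",
    ):
        print(evaluate(hdr))
```

The result depends only on the source address the receiver sees, so the HELO name configured on the mail server cannot change it.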
 