
Untrust interface address and MX record problem


slava3000

IS-IT--Management
Jun 5, 2005
7
CA
Hello:

My LAN is protected by Netscreen 5XP Firewall, which was configured by somebody else.
There is one exposed external IP address: X.Y.Z.156.
VIP provides port forwarding to some servers on the internal LAN - MS Exchange, Web server, etc.:

set interface untrust vip X.Y.Z.156 + 25 "MAIL" 192.168.1.5
set interface untrust vip X.Y.Z.156 80 "HTTP" 192.168.1.15
…..
…..

For some reason (unclear to me) untrust ip was set to X.Y.Z.155 / 29 (not 156 !):

set interface untrust ip X.Y.Z.155/29

So when the MS Exchange server sends email it uses X.Y.Z.155, not X.Y.Z.156;
the MX record points to X.Y.Z.156 and the email does not pass the reverse-DNS test.

What is the easiest way to fix this?
Thank you!
 
There are two ways to resolve this issue.

#1 contact your ISP and have them create a reverse-DNS entry for both 155 and 156.

#2 Create a DIP and use Source NAT on the netscreen.

But the first one will resolve your issue.
 
Thank you very much for your answer to my post.
There is one issue - when I tried to create a DIP with the 156 IP I got an error "### Invalid DIP parameter".
I selected:

ID: 4
IP range from x.y.z.156 to x.y.z.156
Port translation: SELECTED

Any ideas?
 
Yeah, it's a range, so it has to be from:

IP range from x.y.z.155 to x.y.z.156
 