Old 08-30-2002, 03:01 AM   #1
Titanium Man
Guest
 
Posts: n/a
Jaguar Mailserver/NAT question

Hello everyone. I've got a desktop machine running as an imap server, and a powerbook which I use to check my email. I have an Airport network, and have a manually assigned IP address of 10.0.1.201 on my desktop machine so I can port map. So here's the thing--on my local network, if I want to receive email, I have to put 10.0.1.201 as my incoming mail server in my email app on the powerbook. Obviously, if I'm outside of my network, I have to put mymachine.mydomain.com. This is a pain since I switch back and forth. Does anyone have a solution that would enable me to put just one thing as my incoming mailserver in my email app's configuration? Thanks.
Old 09-05-2002, 01:23 PM   #2
mibo
Prospect
 
Join Date: May 2002
Location: Hamburg
Posts: 13
Try a local bind on your powerbook. Set it up as the primary name server for your domain and enter the local IP address for your mailserver. When you're outside you normally have to change your network settings, so you can enter your normal nameserver there.
Old 09-05-2002, 06:39 PM   #3
houchin
Major Leaguer
 
Join Date: Jan 2002
Location: Northern Virginia
Posts: 294
How is your domain name determined? I have a server behind a NAT router, with some ports opened up on the NAT router and forwarded to the server. I'm then using DynDNS to get an externally usable name for my network.

I can use that external domain name from both inside and outside of my network, so if I were to do what you're doing, I could just put the external name into my settings. The only downside to this is one extra network hop. An internal connection goes from my client, to the router, to the server, instead of directly from the client to the server.
Old 09-06-2002, 01:54 AM   #4
Titanium Man
Guest
 
Posts: n/a
Thanks for the responses. mibo, I'm not familiar with bind, but I was beginning to think that I might have to play with name resolution on my network. houchin, I get my domain name from no-ip.com (a service similar to dyndns.org). I've noticed that commands like 'dig' and 'nslookup' don't work from my powerbook, but they do from the desktop machine. There's an error about not being able to resolve the address of 10.0.1.1 (the address of my base station) or something like that. I can't check the exact error right now as I'm temporarily without my powerbook, but I think this has something to do with why I can't use the same (external) name for my incoming mail server. Any suggestions? Thanks.
Old 09-06-2002, 02:20 AM   #5
mibo
Prospect
 
Join Date: May 2002
Location: Hamburg
Posts: 13
Well, it's not a surprise that you can't reach your mailserver by its name when you're on your local network. You are using a non-official IP range on your network and when you're querying an external nameserver you will get the official IP address of your mail server. Bind is not that hard to set up, just go to www.bind.org for downloads and howtos. While Jaguar comes with 9.x and I'm an 8.x user, I can't tell you too much. Most important: keep a copy of every file you are changing. For tracking down any errors keep an eye on /var/log/messages with the tail -f command when you restart bind. As long as it doesn't tell you "zone ... dropped due errors" everything should work. If there are any errors it will tell you the line where the errors occur. And if you would like to speed up your surfing and make your machine independent from your provider's DNS server, download the root nameservers file named.root from ftp.rs.internic.net.
Old 09-06-2002, 09:02 AM   #6
houchin
Major Leaguer
 
Join Date: Jan 2002
Location: Northern Virginia
Posts: 294
It almost sounds like you have a couple of different but related problems here.

nslookup:
I have found that nslookup often will not work unless your DNS servers are added directly to your network preferences, even if you use DHCP. So try that first. If nslookup works on one system, just run it there and it will tell you what DNS server it's using, and then enter that info on your PowerBook.

It sounds like your powerbook is trying to use your base station as a DNS server. I ran into a similar problem when trying to get my PowerBook set up to dial into our company's network through AT&T's corporate service; I could dial-in and authenticate, and some internet services worked, but nslookup wouldn't do DNS lookups because it couldn't do a reverse lookup on my DNS server. I'm not exactly sure what we did that solved the problem, but here's what we changed to get it to correctly reverse resolve the DNS server:

- If you have multiple DNS servers from your ISP and you know that one is more of a "primary" server than the others, make sure that one is listed first. This probably won't help you, but it helped me in the corporate environment because I could tell that one of the servers was the master and one was a slave.

- Add the domain name of the dns server to the search domains field in your network preferences. You can get the name of the server by running nslookup on its IP address.

You can also try adding the names of the DNS servers to /etc/hosts and to your NetInfo database. nslookup just wants to know that the IP address can be resolved; I'm not sure if it really cares how that resolution happened.



Now on to your original problem, of wanting a single name to use to get to your mail server. You really should be able to use your no-ip name from inside your network. All that does is assign an IP address to a name, and a client inside your network can lookup that name just as well as an external client can. Let's just say your external IP address is 1.2.3.4. Both an internal client and an external client will do the same DNS lookup on you.no-ip.com and get back 1.2.3.4. The only difference is this:

- An external client packet will route through the internet and get to your Cable/DSL router, which you've said is set up to forward the mail ports to your internal server. I assume that this is working correctly. If this is not working, then you have a different problem, and we'll need more information to solve that one.

- An internal client packet will route through your internal network and hit the LAN side of your router. The router will see that the packet is intended for the internet at large, and forward the packet out through the WAN interface. If the router is smart, it will realize "hey, that packet's for me" and just route it back through itself and through the port forwarding to your internal server. If the router's not so smart, the packet will just take an extra hop to your ISP's router and be sent back to you, and into your internal network. Of course, if external access is not working, then this will not work either.


Hope this helps,
Scott
Old 09-06-2002, 11:49 PM   #7
Titanium Man
Guest
 
Posts: n/a
Thanks again for the responses. I checked out bind.org, but I think that might be a little beyond me right now. Maybe if I study networking for a few more months I'll get it. houchin, I think I'm close. After taking your advice and putting the DNS server info in my Network prefs, nslookup now works. I restarted the machine, but still no go with my email. Strange, very strange. I had thought of adding something to /etc/hosts, but saw that NetInfo is consulted normally. I got stuck at that point. If I were to put the DNS server info in NetInfo, do you have any idea on how to do that (i.e. add a property/value, or add something to /machines, etc)? And yes, I can get my email from outside my network with machine.domain.com as my incoming mailserver. You'd think that that would work while behind the base station, too. Shrug.
Old 09-07-2002, 12:06 AM   #8
houchin
Major Leaguer
 
Join Date: Jan 2002
Location: Northern Virginia
Posts: 294
On my system, I just ssh'ed to my server (inside my network), using my DynDNS domain name. The easy way to test this from inside your network is to just telnet to the pop3 port (assuming you have pop3 setup):

telnet you.no-ip.com pop3

If it connects and you get the welcome message from the POP server, then you're all set. If you're using IMAP, just substitute "imap" for "pop3".


I would add the names of your dns servers to both /etc/hosts and to the NetInfo database. While most of the Mac stuff does use NetInfo, some things still look in /etc/hosts (like sendmail).

To add them to NetInfo, just duplicate an entry in the machines directory and change the name and value. Or, make a text file (called myhosts.txt for this example) in the same format as /etc/hosts and then run:

sudo niload -m hosts / < myhosts.txt
Old 09-07-2002, 12:08 AM   #9
houchin
Major Leaguer
 
Join Date: Jan 2002
Location: Northern Virginia
Posts: 294
I should also add that if you're inclined to set up a DNS server on your local network, install webmin (www.webmin.org) on that system and use it to configure bind. It's not that hard, and there's enough info on the documentation pages referenced on the webmin site to get you going.

I did that the other night, and now have all my machines named <x>.home
Old 09-07-2002, 12:35 AM   #10
Titanium Man
Guest
 
Posts: n/a
Crazy. I've always had to do 'ssh me@10.0.1.201'; I've never been able to do it using the domain name (from within my local network). I just tried 'ssh me@mydomain.no-ip.com' and I got

ssh: connect to address 1.2.3.4 port 22: Connection refused

where 1.2.3.4 is the IP address that I get if I do 'ping mydomain.no-ip.com' (my "real" IP address). I also tried what you suggested using telnet, and got

Trying 1.2.3.4...
telnet: connect to address 1.2.3.4: Connection refused
telnet: Unable to connect to remote host

So, I'll have to try bind after all, I guess. The desktop machine is a Linux machine, so I'll pursue bind that way. Thanks again for the help, I really appreciate it.
Old 09-07-2002, 09:46 AM   #11
houchin
Major Leaguer
 
Join Date: Jan 2002
Location: Northern Virginia
Posts: 294
Is your router set to forward port 22 and 23 (ssh and telnet), or just the mail ports?

What brand of router are you using? Mine's an XRouter Pro. On this one, it works just fine.

However, I should note that I also have an SMC wireless router (behind the XRouter Pro). I just tried this on that router and using the external IP address from inside the LAN doesn't work.

After thinking about the BIND solution a bit more, I'm not sure it's really going to work out for you. Yes, you can define a forward master zone for no-ip.com to define you.no-ip.com to your local address, but then your clients will ask your server to resolve other no-ip.com addresses, and your server won't be able to do it. Also, due to DNS caching on your powerbook, you might have problems when you transition between your local and external networks as it might not always get the updated definition of you.no-ip.com.

Your best bet might be to just write an Applescript to change the IMAP server in mail when you transition.
Old 09-07-2002, 04:46 PM   #12
Titanium Man
Guest
 
Posts: n/a
Ya know, I'm starting to think it's the router. My router is an Airport Base station, and ports 22, 25, and 993 are open (no wonder telnetting didn't work last night). But here's the thing--today, I went to work, and nslookup worked fine on the Airport network there. I had to remove my isp's DNS info from the Network pref pane first, but it actually used a valid DNS server, not the base station's IP like it tries to do at home. Last night, I thought I'd be sneaky and put

10.0.1.201 homemachine.mydomain.no-ip.com

in /etc/hosts and in /machines in NetInfo Manager, and it actually worked when I used homemachine.mydomain.no-ip.com for my incoming mail server. But as soon as I got to work today (and off of my home network) it failed. I was hoping that it'd look for 10.0.1.201 first, and then move on to the real (outside world) IP when it didn't find it. Applescript, eh? My expertise is sadly lacking in that department; I might have to throw in some bits of shell script (where my expertise is slightly lacking). I'll study any Applescripts dealing with Mail that I can get my hands on, but I think it'll have to be something like "if my IP is 10.0.1.2 (I'm at home) then set my smtp mail server to 10.0.1.201; else (I'm not at home) set my smtp mail server to homemachine.mydomain.no-ip.com". You've been very helpful, I really appreciate it.

-TiMan
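
The "if I'm at home, use the LAN address, else use the external name" decision described in the post above, written as shell functions. This is an added example, not part of the original post: the function names are hypothetical, `en1` as the AirPort interface and an `nc` that supports `-z`/`-w` are assumptions, and it only prints the host to use rather than changing any mail client setting.

```shell
#!/bin/sh
# Added example: pick the IMAP host for the current network.
# Values below are the thread's placeholders, not real hosts.
HOME_NET_PREFIX="10.0.1."                       # AirPort LAN used at home
HOME_SERVER_IP="10.0.1.201"                     # desktop's fixed LAN address
EXTERNAL_NAME="homemachine.mydomain.no-ip.com"  # dynamic DNS name
IMAP_PORT=993                                   # IMAP port opened on the base station

# in_home_net IP: succeed only if IP starts with the home LAN prefix.
in_home_net() {
    case "$1" in
        "$HOME_NET_PREFIX"*) return 0 ;;
        *) return 1 ;;
    esac
}

# pick_imap_host LOCAL_IP PROBE: print the host the mail client should use.
# PROBE is "up" when the home server answered on IMAP_PORT. Both conditions
# are required because 10.0.1.x is also a valid range on other networks.
pick_imap_host() {
    if in_home_net "$1" && [ "$2" = "up" ]; then
        echo "$HOME_SERVER_IP"
    else
        echo "$EXTERNAL_NAME"
    fi
}

# probe_home_server: print "up" if a TCP connect to the server succeeds
# within 2 seconds (assumes an nc that supports -z and -w).
probe_home_server() {
    if nc -z -w 2 "$HOME_SERVER_IP" "$IMAP_PORT" >/dev/null 2>&1; then
        echo up
    else
        echo down
    fi
}

# choose_now [IFACE]: gather live values on macOS and print the choice.
# en1 as the AirPort interface is an assumption; pass another name if needed.
choose_now() {
    local_ip=$(ipconfig getifaddr "${1:-en1}" 2>/dev/null || true)
    pick_imap_host "$local_ip" "$(probe_home_server)"
}

# Run the live check only when asked: sh pick_imap.sh now [IFACE]
if [ "${1:-}" = "now" ]; then
    choose_now "${2:-en1}"
fi
```

A prefix match plus an open port is still only a heuristic, since another network can use 10.0.1.x too; certificate verification on the port 993 connection is what actually identifies the server.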
Old 09-07-2002, 06:41 PM   #13
houchin
Major Leaguer
 
Join Date: Jan 2002
Location: Northern Virginia
Posts: 294
Quote:
Originally posted by Titanium Man
Last night, I thought I'd be sneaky and put

10.0.1.201 homemachine.mydomain.no-ip.com

in /etc/hosts and in /machines in NetInfo Manager, and it actually worked when I used homemachine.mydomain.no-ip.com for my incoming mail server. But as soon as I got to work today (and off of my home network) it failed.

Yeah, this is definitely not going to work. You've told the system that the IP address of your server is 10.0..., which is a valid address no matter where you go.

Your best bet probably is to just use an AppleScript. I have a similar situation, except that I use Eudora instead of Mail, and a lot of crappy proxy stuff to deal with at work.

Here's a script someone put together to automagically change your SMTP server when you change your network location. If you can manage to understand this, you should be able to modify it to change your IMAP server. Take a look at the AppleScript Dictionary for Mail (Open Dictionary... in Script Editor). You can actually do quite a lot.

http://interconnected.org/src/autosmtp/
Old 09-08-2002, 11:07 AM   #14
Titanium Man
Guest
 
Posts: n/a
Wow, that's quite a script, thanks. I'll have to dig through it and see if I can get it to change my incoming server instead of the smtp server. I'll post if I come up with anything.
Old 09-09-2002, 02:13 AM   #15
mibo
Prospect
 
Join Date: May 2002
Location: Hamburg
Posts: 13
Thanks for the webmin tip houchin, I always forget about it (doing too much terminal hacking). But you can normally forget about the trick of connecting to the outside interface of the router from inside. Most routers can't handle such requests. But webmin should really help to set up bind.
All times are GMT -5.