Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 333
  • Last Modified:

Exchange mailserver stopped working when router was replaced

Because of an ADSL line upgrade we were forced to change our router.

I plugged in the new router, set up the ISP username and password, gave it the right internal IP address (A.B.C.2) and hey presto, we were on the internet again, and VoIP was working.

However, our Exchange mailserver, on the SBS server at A.B.C.253, while able to send mail out, was not collecting any external mail.

We got 5 static IP addresses from our ISP, viz:

"    *  the network address is: X.Y.Z.192
    * your router/hub address is: X.Y.Z.198
    * your subnet mask address is: 255.255.255.248 if you have 5 Static IP addresses or 255.255.255.240 if you have 13 Static IP addresses
Your computers can use addresses from X.Y.Z.193 to X.Y.Z.197 "

In DNS our mailserver is set to X.Y.Z.193, but the router is X.Y.Z.198

I think we simply need to set up a route in the router that will convert external IP = X.Y.Z.193 to internal IP = A.B.C.253

correct?
0
zorba111
Asked:
zorba111
  • 7
  • 3
  • 2
  • +1
5 Solutions
 
Glen KnightCommented:
You need to forward port 25 being received on x.y.z.193 to a.b.c.253
0
 
Craig BeckCommented:
Try adding the following line:

ip nat inside source static tcp A.B.C.253 25 X.Y.Z.193 25


Also, you need to check that the DNS for your domain name is correct if you have been assigned a different IP range from what you had before.  If you have the same IP range you can ignore the below...

In your DNS zone you need to check the MX record to get the hostname of your mail server, then edit the A record for that host.
So, if your MX record is MAIL.YOURDOMAIN.COM you need to change the IP address for the host called MAIL to X.Y.Z.193
0
 
Craig BeckCommented:
Eek... Just noticed I posted a config for Cisco routers!

Agree with demazter.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
zorba111Author Commented:
thanks guys,

just to point out that NOTHING else has changed, just the ADSL line was upgraded
(AFAIK all our ADSL subscription details are the same, surely the ISP wouldn't change these without notifying us, or have any need to change these?)

...which necessitated a change of router

so @craigbeck, we shouldn't need to change DNS


0
 
zorba111Author Commented:
just to check guys:

The info i got from the ISP is:

"    *  the network address is: X.Y.Z.192
    * your router/hub address is: X.Y.Z.198
    * your subnet mask address is: 255.255.255.248 if you have 5 Static IP addresses or 255.255.255.240 if you have 13 Static IP addresses
Your computers can use addresses from X.Y.Z.193 to X.Y.Z.197 "


therefore, any traffic for IP addresses in the range X.Y.Z.193 to X.Y.Z.197 will wind up at our router (with IP address X.Y.Z.198) ?

funny, when I ping the IPs from X.Y.Z.192 to X.Y.Z.198

I get replies from a weird IP address, 81.148.64.1, for all but the "router" IP (X.Y.Z.198).

Is this significant?
0
 
Craig BeckCommented:
If nothing has changed then DNS is fine.

If you don't have any services forwarded to other addresses from your range there will be no reply, so the replies from 81.148.64.1 will be from your ISP.


Some routers do this differently.  If you have a Cisco router you can let its dialer interface use the address your ISP told you to assign to your router, then add the other IP addresses via NAT translations.  Other routers won't allow you to do this, so you have to set the WAN to DHCP and the LAN to the address the ISP told you to assign to your router.  This would mean that your LAN is actually on the public internet, and you don't want that.

What router do you have?
0
 
zorba111Author Commented:
Our "new" router is a Draytek Vigor 2800G. I say "new" because we actually used it on the LAN before we got the juniper.

I looked at the Port Forwarding table on the Draytek, and there already is an entry, called SBS-EXCH, which redirects any TCP traffic on port 25, to A.B.C.253, port 25.

So its something else stopping the email reaching the server?
0
 
tgultekinCommented:
I guess there is 1 ADSL port and a WAN port on the Draytek, you must forward port 25 from ADSL line to A.B.C.253... port 25
0
 
zorba111Author Commented:
@tgultekin
there is only an ADSL port on the Draytek, no seperate WAN port...
0
 
zorba111Author Commented:
I think I know what was missing!!

The router didn't know that it was acting as an access point for a RANGE of IP addresses, it thought it was only acting as ONE IP address (the router IP address X.Y.Z.198).

In the router config pages:

Internet Access > PPPoE / PPPoA > IP Address From ISP > WAN IP Alias > <fill in all the other static IPs!!>

As the manual says:

WAN IP Alias - If you have multiple public IP addresses and
would like to utilize them on the WAN interface, please use WAN
IP Alias. You can set up to 8 public IP addresses other than the
current one you are using.

I added in the other static IP addresses that we are leasing from our ISP, including the one that our mailserver is using, and lo and behold! mail started arriving in our inboxes !!!

ONe question, should I tick the box "Join NAT IP Pool" at the end of each line in the "WAN IP Alias" field ?
0
 
tgultekinCommented:
@zorba111: No you don't have to select "Join NAT IP Pool".
Having that box enabled randomises the outgoing IP address from the pool.
If you are using MultiNAT, multiple port forwards,LAN users could have problems with banking or other high security sites.
0
 
zorba111Author Commented:
@tgultekin

I didn't want to change this setting as things seemed to be working "if it ain't broke don't fix it" IIABDFI ? lol.
As it happens we did start to have problems with a banking site after switching routers. I remembered this last post (but not your explicit warning about banking sites - my bad), so came back to it and discovered your solution. So many thanks....

note to self... MultiNAT is mapping internal IP addresses (...NAT) to >1 (...multi) external IP addresses.

see also:
http://www.draytek.co.uk/support/kb_vigor_multinat.html
0
 
zorba111Author Commented:
tagged my own answer as I got there on my own largely, but others comments helped my overall understanding. Especially tgultekin who helped prevent another problem that arose that wasn't anticipated in the original problem.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 7
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now