Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 3596 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Affect which IPv6 is used for outgoing mails

ZeusDionysos

Hello all,

I have a problem with the IP address which is used for outgoing mails.

We use the Email Protection with the simple mode proxy and inside our network there is an Exchange server.

We have one WAN interface and no Uplink Balancing or Multipath Rules activated.

Our WAN Interface got the following address configuration (fictional addresses):

-

On our WAN interface we've got some additional IP addresses for Webservers.

The IPv4 are: 42.42.42.43, .44, .45 and the IPv6 are co:ff:ee::dd42, ::4242, ::3a3b. Our Exchange server have an IP from our LAN: co:ff:ee:1::42.

Everything is configured to use Dualstack. If I now send a mail to a mailserver which is also available over IPv6 our Sophos sends the mail over one of the additional addresses, to be specific, it use the co:ff:ee::dd42 address. This IPv6 address is used with the 42.42.42.45 for a webserver.

If I the mail is send with IPv4 the Sophos use the 42.42.42.42 address which is the address of our WAN interface (only interface with a gateway). That sending (regarding the IPv4) is how we want it.

But why don't use the Sophos the IPv6 from our WAN interface? Why does it instead use the co:ff:ee::dd42?

Is it possible to change a setting that the Sophos use the co:ff:ee::2 for sending our IPv6 mails? If yes, how?

Best regards

Christian



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Scott_Klassen

    Hello Scott,

    with SNAT I'm not sure what I need in the SNAT rules.

    What is going in the "For traffic from"? I would guess it should be the Sophos itself (because it works as a mail gateway).
    What is going in the "Going to"? The co:ff:ee::dd42?
    And "Change the sorce to" should be then co:ff:ee::2?
    Is that correct? I guess I would need two rules, one for SMTP and one for SMTP SSL?

    And another question. As I took a look at my NAT rules I discovered we are using a rule for Masquerading:

    Could this be the cause why the Sophos is using the 42.42.42.42 for sending mails and surfing?
    Because with IPv6 the surfing is also going over the co:ff:ee::dd42.

    What could go wrong if I add another Masquerading rule for IPv6, Any IPv6 -> WAN?

    Regards, Christian

  • 0 in reply to ZeusDionysos

    ZeusDionysos said:
    But why don't use the Sophos the IPv6 from our WAN interface? Why does it instead use the co:ff:ee::dd42?

    Last days I took a closer look with a workmate. It looks like the Sophos is using at least for Web Proxy and E-Mail Protection the highest availabe IPv6 address. I tested it with defining another additional IPv6 address (::ffff) and after activating it the Sophos used co:ff:ee::ffff.

    As a Solution I use now my highest IPv6 instead the co:ff:ee::2 for the Web Proxy and sending Mail.

    Anyone know if this is a bug or a feature?

    Regards, Christian

Unfiltered HTML