bridging mode, ppp tunneling, IP addrs and outgoing mail (sendmail)

Gary Aitken vagabond at blackfoot.net
Fri Oct 24 16:41:58 UTC 2014


I've got a gateway currently set up as follows:

ISP -- DSL Modem (a.b.c.d/30) -- (a.b.c.e/30) FreeBSD (a.b.c.f/30) --- internal net

The internal net uses both public IPs and private IPs via aliases on the
interfaces.

The DSL modem is in bridging mode.

Inside the fbsd box I'm running user ppp which is set up to pass public IPs
and nat private IPs.  The fbsd box is also running the mail server
(sendmail).

Questions:

1. Since the modem is in bridging mode and ppp is tunneling, the IP addr on
stuff sent out from the fbsd machine carries the ip addr ppp uses, which is
one belonging to the ISP and not one of our assigned IP addrs.  As currently
set up, I'm using up 4 of the assigned IP addrs just to deal with the modem.
It seems to me none of those addrs will ever appear anywhere else, so is
there any reason not to use something from the set of private IPs for the
fbsd -- modem connection?

2. Because the ppp connection gets the IP addr assigned by the ISP and not
one from our assigned set, mail goes out with an origin IP addr which
is not our own.  Mail services which do reverse lookups therefore sometimes
reject mail because the claimed sender domain doesn't match the reverse dns
domain (or one of the mx records for the domain, not sure which).  Is there
a way to force sendmail to either:
  a. use an address other than the assigned one (I suspect this won't work
     because the IP addr causing the problem comes from the IP layer, not
     sendmail)
  b. direct the mail to an internal port which then takes the default route
     out subsequently?
  c. Can this be dealt with by assigning an alias IP addr to tun0 after ppp
     comes up and having sendmail send out that somehow?
  d. If necessary, the mail host could be changed to a different system on
     the internal network with a public ip addr.  That would give the
     outgoing mail a public ip addr, but seems like a big hoop to jump
     through.  Correct?

Thanks for any enlightenment,

Gary




