I have inherited an environment where many things don't make sense and I am now in charge of making changes to it and for this I have to understand what the hell is going on before I modify.
Long story short - there is an email server on the LAN and a firewall on the WAN. The WAN IP of the firewall ends in .89. The A record for the email server ends in .90. (The IP pool we have is .89-.93, although only one address, .89, is actually plugged in; there is only one line from the ISP that terminates in the server closet.)
I am trying to figure out how this is possible. By any logic I can conjure, unless the ISP is doing something to redirect traffic from the .90 address (which is not physically plugged in) to the .89 address, nothing addressed to .90 should arrive at .89 - but it does.
I was told by the ISP that they were not doing anything of this kind, but I have run out of other ideas... I only need to know because the IP pool is getting changed (the ISP is switching to a different address pool) and I need to know about all the configuration points to make sure that once the IP change happens, there will be no stale configurations in place and email will flow to the new address correctly after the DNS modification propagates.
Please let me know if there are any other scenarios you can think of that could be happening here. I don't think the firewall could be doing the redirecting when its WAN IP is .89 and therefore shouldn't see any traffic directed to .90, should it?
Thanks in advance,
M
Your ISP has configured their routing so that any traffic for your assigned netblock (.89-.93) is sent to .89.
Maybe your firewall is doing Transparent NAT for that IP? (though that would be pretty unlikely given the setup). Also, could just be simple NAT on the firewall sending the .90 traffic to your mail server.
Or maybe a VLAN over the LAN interface on the firewall that created a DMZ for the mail server's IP?
I'd look at the firewall, I suspect your answer is there.
How about the MX record? Is it possible that this one points to a host that instead has an A record of .89? Then everything is fine and you can forget about the A record of the domain.
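To check the point made in this reply, the thing that matters for mail delivery is the MX record and the A record of the host it names, not the A record of the domain itself. The following is an added example, not code from anyone in the thread: it resolves a small constructed record set the way an MTA would (lowest MX preference first, following any alias to an address) and lists every address that appears in the mail path, which is exactly the list that has to be re-pointed when the pool changes. The hostnames and the 203.0.113.0/24 documentation addresses are assumptions chosen to mirror the poster's description (apex A record ending in .90, MX target actually at .89).

```python
"""Which host actually receives mail for a domain?

Added example, not from the original thread. ZONE is a constructed record
set; names and the 203.0.113.0/24 addresses are assumptions that mirror the
situation described: apex A record is .90, the MX target's A record is .89.
"""

# Constructed records: (owner name, type) -> record data.
# MX data is (preference, target host); lower preference is tried first.
ZONE = {
    ("example.com.", "MX"): [(20, "backup.example.com."), (10, "mail.example.com.")],
    ("example.com.", "A"): ["203.0.113.90"],
    # An MX target should not be an alias, but it happens in inherited setups,
    # so the resolver below follows CNAMEs anyway (with a bound).
    ("mail.example.com.", "CNAME"): ["gw.example.com."],
    ("gw.example.com.", "A"): ["203.0.113.89"],
    ("backup.example.com.", "A"): ["203.0.113.91"],
}


def resolve_a(name, zone=ZONE, depth=0):
    """Follow CNAMEs (bounded) until A records are found; [] if none."""
    if depth > 8:
        raise RuntimeError("CNAME chain too long at %s" % name)
    if (name, "A") in zone:
        return list(zone[(name, "A")])
    for target in zone.get((name, "CNAME"), []):
        return resolve_a(target, zone, depth + 1)
    return []


def mail_targets(domain, zone=ZONE):
    """Return [(preference, host, [ips])] in the order an MTA tries them.

    Lowest MX preference first. Only when the domain has no MX at all does
    the apex A record come into play (the implicit MX rule).
    """
    mx = zone.get((domain, "MX"))
    if not mx:
        return [(0, domain, resolve_a(domain, zone))]
    return [(pref, host, resolve_a(host, zone)) for pref, host in sorted(mx)]


def addresses_to_migrate(domain, zone=ZONE):
    """Every IP that appears anywhere in the mail path or at the apex.

    This is the set of configuration points that must change when the
    provider renumbers the pool.
    """
    ips = set(resolve_a(domain, zone))
    for _pref, _host, target_ips in mail_targets(domain, zone):
        ips.update(target_ips)
    return sorted(ips)


if __name__ == "__main__":
    for pref, host, ips in mail_targets("example.com."):
        print("MX %d %s -> %s" % (pref, host, ips))
    print("apex A record (irrelevant to mail while an MX exists):",
          resolve_a("example.com."))
    print("addresses to re-point:", addresses_to_migrate("example.com."))
```

Against a live zone the same walk is `dig +short MX example.com`, then `dig +short A <mx target>` for each target; if the MX host resolves to .89 the apex .90 record is a red herring for mail and only matters for whatever else uses the bare domain name.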
I don't buy that the ISP is not routing a block of addresses that they own to the customer that they've allocated the block to. I would run a tracert from outside the network to each of the IP addresses that you've been allocated and see what path the trace takes.
The firewall is most likely arping for traffic that is bound to 'things' behind it - it is configured as such. Doing a 'show ip arp' on the ISP's router would most likely indicate .89 and .90 have the same MAC address. Is the mail server on the LAN configured with .90, and if so, what does the internal LAN config on the port look like, and what are the firewall/nat/whatever commands on the firewall like?
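The signature this reply describes (several addresses in the pool answered by one MAC on the ISP's router) is easy to check mechanically once you have the ARP table. The following is an added example, not code from the thread: it parses a constructed sample in the style of Cisco IOS `show ip arp` output, groups the addresses in the pool by the MAC that answers for them, and also lists pool addresses nobody answers for. The 203.0.113.0/24 addresses, the MACs and the interface name are made up; the .89-.93 pool is the one the poster described.

```python
"""Spot proxy-ARP / NAT in front of an address pool from an ARP table.

Added example, not from the original thread. SAMPLE_ARP is constructed to
look like Cisco IOS `show ip arp` output; addresses come from the
203.0.113.0/24 documentation range and the MACs are invented.
"""
import ipaddress
import re
from collections import defaultdict

SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0011.2233.4455  ARPA   GigabitEthernet0/1
Internet  203.0.113.89            3   aabb.ccdd.eeff  ARPA   GigabitEthernet0/1
Internet  203.0.113.90            3   aabb.ccdd.eeff  ARPA   GigabitEthernet0/1
Internet  203.0.113.91            0   Incomplete      ARPA
Internet  203.0.113.92            5   aabb.ccdd.eeff  ARPA   GigabitEthernet0/1
"""

# One entry per line: protocol, address, age, hardware address, type.
# Age is "-" for the router's own interface address; unresolved entries
# carry the literal "Incomplete" where the MAC would be.
ENTRY = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+(\S+)\s+ARPA", re.M)


def pool_range(first, last):
    """Expand an inclusive range of addresses into a list of strings."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(ipaddress.ip_address(i)) for i in range(int(lo), int(hi) + 1)]


def parse_arp(text):
    """Return {ip: mac} for resolved entries; 'Incomplete' entries are skipped."""
    table = {}
    for ip, _age, mac in ENTRY.findall(text):
        if mac.lower() != "incomplete":
            table[ip] = mac.lower()
    return table


def shared_macs(table, pool):
    """Group pool addresses by answering MAC, keeping only MACs that answer
    for more than one address. One MAC for .89 and .90 means the box holding
    .89 is answering ARP for .90 as well (proxy ARP, NAT, or a secondary
    address on its WAN interface), so .90 traffic reaches it without any
    routing trick upstream."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if ip in pool:
            by_mac[mac].append(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) > 1}


def unanswered(table, pool):
    """Pool addresses with no resolved ARP entry: nothing claims them."""
    return sorted(set(pool) - set(table), key=ipaddress.ip_address)


POOL = pool_range("203.0.113.89", "203.0.113.93")

if __name__ == "__main__":
    table = parse_arp(SAMPLE_ARP)
    for mac, ips in shared_macs(table, POOL).items():
        print("MAC %s answers for %s" % (mac, ", ".join(ips)))
    print("unanswered pool addresses:", unanswered(table, POOL))
```

If the ISP will not run the command for you, the same evidence is visible from your side: the WAN interface of the firewall will either show .90 as a secondary address or carry a NAT/proxy-ARP rule for it, and `arping` from a host on the ISP-facing segment (if you can get one) will return the firewall's MAC for .90.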