Re: can't send some mail through the firewall

From: Leythos (void_at_nowhere.com)
Date: Tue, 02 Dec 2003 21:11:10 GMT


[This followup was posted to comp.security.firewalls and a copy was sent
to the cited author.]

In article <607e9005.0312021035.62bd4416@posting.google.com>,
blasapher@cox.net says...
> First, let me describe our setup. We are a development company, but
> we host some websites for clients. We have a class C range of public
> IP addresses as well as our private network. Our office configuration
> is T1-> router -> firewall, and behind the Watchguard firewall is both
> our public (optional) and private (trusted) network.
>
> There are 2 problems, but I think they are related.
> 1) None of our servers sitting on our public/optional network can
> email to known addresses on our private side; but the rest of the
> world can email us just fine.
>
> 2) From our public/optional network, we cannot telnet over port 25 to
> our exchange server; but again we can do that just fine from anywhere
> in the world.

Did you create an SMTP rule that allows the OPTIONAL network to access
the SMTP server in the private network? If you allow External to
Optional SMTP and External to Trusted, but don't allow Optional to
Trusted you can't send email.

My Exchange server sits in the DMZ, my access to it is through a one-way
Trusted > Optional ANY ports rule, I have a LAN-side DNS server that has
entries that point to the private IP of the SMTP server. The Optional
network does not have any mapping to the LAN.

If I understand you correctly, your SMTP server is in the Trusted (LAN)
network and you want to use it from the Optional (DMZ) network. This
means you have to create an SMTP rule from OPTIONAL to TRUSTED and the
Optional network must have a DNS server or hosts files for the mapping to
the private IP of the SMTP server.

I would consider DNS - if you use 192.168.4.X for Trusted, and
192.168.5.X for Optional, when you ping the SMTP server's NAME, what IP
address does it come back with? If it comes back with the PUBLIC IP then
you need to set up a DNS server in the Optional network or use hosts files
to let the systems in the Optional network know that they should use the
private IP of the SMTP server.

The Firebox will not route an Optional NAT address out the External
interface and then back into the Trusted NAT interface.

> The error we are seeing on the servers that are generating the emails
> to be sent is: remote server did not respond to a connection attempt.
>
> We've checked, and checked, and checked everything on the firewall and
> exchange server and can't seem to find what we are missing. Any ideas
> would be greatly appreciated!

See above.

-- 
spamfree999@rrohio.com
(Remove 999 to reply to me)
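The two checks Leythos describes (what the SMTP server's name resolves to from the Optional network, and whether TCP/25 then answers) can be scripted so the result maps straight to the fix. The following is an added example, not code from the original thread or from WatchGuard; the host name mail.example.com, the addresses used in the comments, and the verdict strings are assumptions for illustration. Run it from a machine on the Optional network and pass the Exchange server's name.

```python
"""Diagnose why a DMZ (Optional) host cannot reach an SMTP server on the Trusted net.

Check 1: does the name resolve to a private (RFC 1918) address or to the public one?
Check 2: if it is private, does a TCP/25 connect get the server greeting?
The verdicts follow the reasoning in the post above: a public answer means the
Optional-side DNS/hosts mapping is missing; a private answer that does not
connect means the Optional -> Trusted SMTP rule is missing.
"""
import ipaddress
import socket

# RFC 1918 ranges. The post's worked figures were 192.168.4.x (Trusted) and
# 192.168.5.x (Optional); both fall inside 192.168.0.0/16.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True if ip is an RFC 1918 address, i.e. the name resolved to the LAN side."""
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_NETS)


def smtp_banner(host, port=25, timeout=5.0):
    """Open TCP/25 and return the server's 220 greeting, or None on failure.

    A refused or timed-out connect here is what the poster's servers report as
    'remote server did not respond to a connection attempt'.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(512).decode("ascii", "replace").strip()
    except OSError:
        return None


def diagnose(name, resolver=socket.gethostbyname, banner=smtp_banner):
    """Run both checks and return a dict with the resolved IP and a verdict.

    resolver and banner are injectable so the decision logic can be exercised
    without a live network (the real defaults do DNS and a TCP connect).
    """
    try:
        ip = resolver(name)
    except OSError:
        return {"ip": None, "private": False, "banner": None,
                "verdict": "name does not resolve: add an Optional-side DNS record or hosts entry"}

    private = is_private(ip)
    if not private:
        # No point connecting: the Firebox will not hairpin Optional -> External -> Trusted.
        return {"ip": ip, "private": False, "banner": None,
                "verdict": "resolves to public IP: point Optional-side DNS or hosts at the private IP"}

    greeting = banner(ip)
    if greeting is None:
        verdict = "resolves to private IP but TCP/25 fails: add an Optional -> Trusted SMTP rule"
    else:
        verdict = "ok"
    return {"ip": ip, "private": True, "banner": greeting, "verdict": verdict}


if __name__ == "__main__":
    import sys
    # Assumed host name; replace with the Exchange server's real name.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    print(diagnose(target))
```

The order of the checks matters: a public answer is diagnosed without ever touching TCP/25, because the connect would fail for the routing reason the post gives regardless of the firewall rules, and reporting that as "port blocked" would send you to the wrong fix.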

