Re: [FW1] Port Address Translation
On Fri, Sep 29, 2000 at 05:46:05PM -0400, Shawn Chandler wrote:
:
: I'm curious if anyone else has run into this same situation. Basically what
: I'm looking to do is have a mail server that is positioned behind a FW-1 4.0
: server answer on port 25 (smtp) only, however on the outside of the firewall
: it will answer on the SMTP port for both ports 25 and another TCP port (999).
: The mail server is currently set up to do automatic NAT in the firewall and
: works just fine. I've tried adding a NAT entry at the top of my stack stating:
:
: Source  Dest         port  Xlated Source  Xlated Dest  Xlated Port
: Any     Mail Server  25    Original       Mail server  999

Your reply packets are showing source port 999, not 25 as the remote
client is expecting.. You'll need to undo what you've wrought with another
NAT rule that will reverse the translation.. Think of it like you're doing
static mode NAT, the rules come in pairs.

Is there any particular reason you're running your SMTP listener on 999?
If you're trying to gain security by obfuscation, you won't get all that
far. Were I to portscan your mail server, and see something listening on
999, that would intrigue me enough to telnet to that port and see what pops
up. At that point, your little ruse is over..

--
Jason Costomiris <>< | Technologist, geek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
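The reply's point that port-translation rules come in pairs, shown as a small stateless model. This is an added example, not part of the original message and not FW-1 rule syntax; the `Packet` and `Rule` types, the addresses and the client port 40000 are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Rule(NamedTuple):
    # Match fields: None means "Any". Rewrite fields: None means "Original".
    src: Optional[str]
    sport: Optional[int]
    dst: Optional[str]
    dport: Optional[int]
    new_sport: Optional[int]
    new_dport: Optional[int]

def translate(pkt: Packet, rules: list) -> Packet:
    """Apply the first matching rule to a single packet (no connection state)."""
    for r in rules:
        match = zip((r.src, r.sport, r.dst, r.dport), pkt)
        if all(want is None or want == have for want, have in match):
            return pkt._replace(sport=r.new_sport or pkt.sport,
                                dport=r.new_dport or pkt.dport)
    return pkt

def round_trip(rules: list) -> Packet:
    """Send a SYN to port 25 through the rules; return the reply the client sees."""
    syn = Packet(CLIENT, 40000, MAIL, 25)
    inbound = translate(syn, rules)
    # The server answers from whatever address and port the packet arrived on.
    reply = Packet(inbound.dst, inbound.dport, inbound.src, inbound.sport)
    return translate(reply, rules)

def client_accepts(reply: Packet) -> bool:
    """The client only matches a reply that comes from the port it connected to."""
    return reply == Packet(MAIL, 25, CLIENT, 40000)

# Constructed sample values (documentation address ranges), not from the thread.
CLIENT, MAIL = "198.51.100.7", "192.0.2.25"
FORWARD = Rule(None, None, MAIL, 25, None, 999)  # the rule quoted in the question
REVERSE = Rule(MAIL, 999, None, None, 25, None)  # its pair: restore port 25 on replies

if __name__ == "__main__":
    print("forward rule only :", client_accepts(round_trip([FORWARD])))
    print("forward + reverse :", client_accepts(round_trip([FORWARD, REVERSE])))
```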