[FW1] Re: SMTP troubles with FW-1, eSafe and a Notes SMTP Relay
Good $daytime,

Let me bring back the ruleset:

> - priv_dmz2_tmvw, pub_dnsservers, dns, allow
> - any, priv_dmz2_tmvw, smtp, allow
> - priv_dmz2_tmvw, any, smtp, allow
> - any, pub_intra_mail, smtp->ZR_TMVW_SMTP,allow
> - priv_intra_mail, any, smtp->ZR_TMVW_SMTP,allow

>> This way priv_dmz2_tmvw is left without FW-1 SMTP protection. Why not
>> just remove the second rule? Things should work anyway, provided that
>> pub_intra_mail is your MX.

> priv_dmz2_tmvw is a rfc-1918 class c address and could only be reached from
> internal. i can live with this, but i will check if it is possible to
> checkout/delete the rule. i'm thankful for deleting all unnecessary rules
> out of the base.

(a) Why then do you write 'any, priv_dmz2_tmvw' and 'priv_dmz2_tmvw, any'?
Assumption of nonroutability is a poor substitute for real filtering.
After all, when you put 'any' in place of something more specific, you
would get wrong results from the rule filtering feature of your GUI.

(b) Who will then deliver all your outgoing mail? To make things work,
you probably have to NAT priv_dmz2_tmvw. If you do, then please discard
the two previous paragraphs :)

Regards,
Willy.

--
"No easy hope or lies        | Vitaly "Willy the Pooh" Fedrushkov
 Shall bring us to our goal, | Control Systems and Processes Division
 But iron sacrifice          | LUKOIL Company, Chelyabinsk Branch
 Of Body, Will and Soul."    | mailto:[email protected] +7 3512 620367
                   R.Kipling |
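The point about rule 2 can be checked by walking the quoted rule base top-down, since FW-1 applies the first matching rule. The following is an added example, not part of the original message or of any Check Point tooling. It assumes object names are opaque labels, "any" is a wildcard, "smtp->ZR_TMVW_SMTP" means the rule carries that SMTP resource, and "internet_host" is a constructed name for an arbitrary outside source.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    num: int
    src: str
    dst: str
    service: str
    resource: Optional[str]  # SMTP resource attached to the rule, if any

# The five rules quoted in the message, in their original order.
RULES = [
    Rule(1, "priv_dmz2_tmvw", "pub_dnsservers", "dns", None),
    Rule(2, "any", "priv_dmz2_tmvw", "smtp", None),
    Rule(3, "priv_dmz2_tmvw", "any", "smtp", None),
    Rule(4, "any", "pub_intra_mail", "smtp", "ZR_TMVW_SMTP"),
    Rule(5, "priv_intra_mail", "any", "smtp", "ZR_TMVW_SMTP"),
]

def first_match(src, dst, service, rules=RULES):
    """Return the first rule that accepts the flow, or None (dropped)."""
    for r in rules:
        if (r.service == service
                and r.src in ("any", src)
                and r.dst in ("any", dst)):
            return r
    return None

def unprotected_smtp(rules=RULES):
    """Numbers of rules accepting SMTP with a wildcard end and no resource."""
    return [r.num for r in rules
            if r.service == "smtp" and r.resource is None
            and "any" in (r.src, r.dst)]

def without_rule(num, rules=RULES):
    """Rule base with one rule removed (the change suggested in the thread)."""
    return [r for r in rules if r.num != num]

if __name__ == "__main__":
    flows = [("internet_host", "priv_dmz2_tmvw"),   # constructed sample flows
             ("internet_host", "pub_intra_mail"),
             ("priv_dmz2_tmvw", "pub_intra_mail")]
    for label, rules in (("as posted", RULES), ("rule 2 removed", without_rule(2))):
        print(label, "- wildcard SMTP rules without resource:", unprotected_smtp(rules))
        for src, dst in flows:
            r = first_match(src, dst, "smtp", rules)
            verdict = "drop" if r is None else f"rule {r.num}, resource={r.resource}"
            print(f"  {src} -> {dst}: {verdict}")
```

In this model the only thing keeping outside SMTP away from priv_dmz2_tmvw under the posted rules is routing, not the rule base; with rule 2 removed the same flow is dropped by policy.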