
[FW1] AW: SMTP troubles with FW-1, eSafe and a Notes SMTP Relay



Hi Vitaly,

(a) You were right. The rule
> - any, priv_dmz2_tmvw, smtp, allow
is nonsense. Only the firewall itself routes SMTP traffic to the second SMTP
server, and there is no special rule necessary for this. I disabled the rule
and all mails are still delivered and received (thanks for the tip, one rule
less!!!!)
(a)/(b) The rule
> - priv_dmz2_tmvw, any, smtp, allow
is necessary. Otherwise the SMTP server could not send any mails to any
(local/remote) MX server.
Therefore I had to create a NAT rule. I needed this rule too, to get
DNS info on remote MX servers.
Local MX servers are defined in the locally installed DNS server.

regards
frank 


-----Original Message-----
From: Vitaly Fedrushkov [mailto:[email protected]]
Sent: Wednesday, 14 February 2001 04:16
To: Sommerfeld, Frank
Cc: 'GARCIA Frédéric'; [email protected]
Subject: Re: SMTP troubles with FW-1, eSafe and a Notes SMTP Relay


Good $daytime,

Let me bring back the ruleset:

> - priv_dmz2_tmvw, pub_dnsservers, dns, allow
> - any, priv_dmz2_tmvw, smtp, allow 
> - priv_dmz2_tmvw, any, smtp, allow
> - any, pub_intra_mail, smtp->ZR_TMVW_SMTP,allow
> - priv_intra_mail, any, smtp->ZR_TMVW_SMTP,allow

>> This way priv_dmz2_tmvw is left without FW-1 SMTP protection.  Why not
>> just remove the second rule?  Things should work anyway, provided that
>> pub_intra_mail is your MX.

> priv_dmz2_tmvw is an RFC 1918 class C address and could only be reached from
> internal. I can live with this, but I will check if it is possible to
> check out/delete the rule. I'm thankful for deleting all unnecessary rules
> out of the base.

(a) Why then do you write 'any, priv_dmz2_tmvw' and 'priv_dmz2_tmvw,
any'?  Assumption of nonroutability is a poor substitute for real
filtering.  After all, when you put 'any' in place of something more
specific, you would get wrong results from the rule filtering feature of
your GUI.

(b) Who will then deliver all your outgoing mail?  To make things
work, you probably have to NAT priv_dmz2_tmvw.  If you do, then please
discard the two previous paragraphs :)


  Regards,
  Willy.

--
"No easy hope or lies        | Vitaly "Willy the Pooh" Fedrushkov
 Shall bring us to our goal, | Control Systems and Processes Division
 But iron sacrifice          | LUKOIL Company, Chelyabinsk Branch
 Of Body, Will and Soul."    | mailto:[email protected]  +7 3512 620367
                   R.Kipling |
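A small first-match model of the ruleset quoted above, added here as an illustration and not part of the original thread. The addresses are constructed stand-ins (the real ones are not on the page), and the FW-1 resource `smtp->ZR_TMVW_SMTP` is modelled as a plain allow. It shows why the `any, priv_dmz2_tmvw, smtp` rule can be dropped: internal relay traffic is still matched by a later rule, while an external source that could somehow reach the relay is no longer allowed by an overly broad `any`.

```python
import ipaddress

# Constructed addresses standing in for the network objects named in the thread.
OBJECTS = {
    "priv_dmz2_tmvw": "192.168.2.25/32",   # RFC 1918 relay in the DMZ
    "pub_dnsservers": "198.51.100.0/29",   # constructed public DNS range
    "pub_intra_mail": "203.0.113.25/32",   # constructed public MX address
    "priv_intra_mail": "10.0.0.25/32",     # constructed internal Notes server
    "any": "0.0.0.0/0",
}
PORTS = {"smtp": 25, "dns": 53}

# (source, destination, service, action), in rulebase order.
RULES_ORIGINAL = [
    ("priv_dmz2_tmvw", "pub_dnsservers", "dns", "allow"),
    ("any", "priv_dmz2_tmvw", "smtp", "allow"),        # the rule under discussion
    ("priv_dmz2_tmvw", "any", "smtp", "allow"),        # outbound to MX servers (needs NAT)
    ("any", "pub_intra_mail", "smtp", "allow"),        # smtp->ZR_TMVW_SMTP resource
    ("priv_intra_mail", "any", "smtp", "allow"),       # smtp->ZR_TMVW_SMTP resource
]
RULES_TRIMMED = [r for i, r in enumerate(RULES_ORIGINAL) if i != 1]


def matches(rule, src, dst, port):
    """True if the flow src->dst on TCP/UDP port falls inside the rule's objects."""
    r_src, r_dst, r_svc, _action = rule
    return (ipaddress.ip_address(src) in ipaddress.ip_network(OBJECTS[r_src])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(OBJECTS[r_dst])
            and PORTS[r_svc] == port)


def first_match(rules, src, dst, port):
    """Return (rule index, action) of the first matching rule, or (None, 'drop')
    when only the implicit cleanup rule applies."""
    for i, rule in enumerate(rules):
        if matches(rule, src, dst, port):
            return i, rule[3]
    return None, "drop"


if __name__ == "__main__":
    flows = [("198.51.100.77", "192.168.2.25", 25),   # external host -> DMZ relay
             ("10.0.0.25", "192.168.2.25", 25),       # internal Notes -> DMZ relay
             ("192.168.2.25", "203.0.113.99", 25)]    # DMZ relay -> remote MX
    for f in flows:
        print(f, "original:", first_match(RULES_ORIGINAL, *f),
              "trimmed:", first_match(RULES_TRIMMED, *f))
```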


