[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] CVP and relaying
Hi Chris,
My firewall didn't let me directly (manually) change the NAT rules.
Can you tell me how to do it?
I have FW-1 ver 4.1 SP 2 on Linux. the GUI is on windows machine.
Thanks a lot .
Chris F wrote:
>
> Put a rule to not NAT before your NAT rules.
>
> --- John Hardly <[email protected]> wrote:
> >
> > Hi everybody,
> > I discovered that my mail server (212.x.x.18 on my
> > DMZ) became an Open Mail Relay
> > when I installed a CVP with FW-1 4.1.
> > Every smtp connection from the FW-1 to the mail
> > server appears to come from
> > 212.x.x.17 (my localnet is nated behind 212.x.x.17
> > wich is the IP address of
> > DMZ interface on my Firewall).
> > Even if the SMTP connection come from outside my
> > company, the mail server sees only
> > that it comes from 212.x.x.17.
> > ****************
> > May 2 13:31:15 My_mail_server sendmail[9388]:
> > NAA09388:
> >
> from=<[email protected]>,
> > size=2475,
> > class=-60, pri=140475, nrcpts=1,
> > msgid=<[email protected]>,
> > proto=SMTP, relay=IDENT:[email protected]
> > [212.x.x.17]
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > ^^^^^^^^^^^
> >
> > ******************
> >
> > I'd like to know how to set up the firewall (with
> > CVP) in order that
> > the firewall let the mail server know the IP address
> > of the SMTP connection
> > instead of the IP of the Fw interface (212.x.x.17).
> > The CVP server (VirusWall ) is installed on
> > another machine (212.x.x.19)
--
John Hardly
E-mail : john (at) iav (dot) ac (dot) ma
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================