Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] CVP and relaying

To: Chris F <[email protected]>
Subject: Re: [FW1] CVP and relaying
From: John Hardly <[email protected]>
Date: Fri, 04 May 2001 15:11:40 +0000
References: <[email protected]>
Reply-to: [email protected]
Sender: [email protected]

Hi Chris,
I've edited the the NAT rules as you suggested me :
FW-1  Mail_server  any | =Original  =original  =Original
I put this rule at the top but It doesn't help, The SMTP security server
still strip the true sender's IP address and Our mail server (DMZ) get only
the external Interface's  IP address.
Any other suggestions Chris?
Thanks.

Chris F wrote:
> 
> In your Win Gui, click on the Address Translation tab.
> 
> Then, right click on Rule 1, click "Insert Rule
> Above",
> 
> Under ORIGINAL PACKET:
> For source -- put whatever source (your FW, right?)
> For destination -- put whatever destination (your MX)
> For Service, use Any (for now -- restrict later if you
> want)
> 
> Under TRANSLATED PACKET:
> Put ORIGINAL all the way across.
> 
> I think this is what you want... but I'm fried and
> leaving for the day. Let me know if I'm missing the
> boat here tomorrow :)
> 
> HTH -- Chris
> 
> --- John Hardly <[email protected]> wrote:
> >  Hi Chris,
> > My firewall didn't let me directly (manually) change
> > the NAT rules.
> > Can you tell me how to do it?
> > I have FW-1 ver 4.1 SP 2 on Linux. the GUI is on
> > windows machine.
> > Thanks a lot .
> >
> > Chris F wrote:
> > >
> > > Put a rule to not NAT before your NAT rules.
> > >
> > > --- John Hardly <[email protected]> wrote:
> > > >
> > > > Hi everybody,
> > > > I discovered that my mail server (212.x.x.18 on
> > my
> > > > DMZ) became an Open Mail Relay
> > > > when I installed a CVP with FW-1 4.1.
> > > > Every smtp connection from the FW-1 to the mail
> > > > server appears to come from
> > > > 212.x.x.17 (my localnet is nated behind
> > 212.x.x.17
> > > > wich is the IP address of
> > > > DMZ interface on my Firewall).
> > > >  Even if the SMTP connection come from outside
> > my
> > > > company, the mail server sees only
> > > > that it comes from 212.x.x.17.
> > > > ****************
> > > > May  2 13:31:15 My_mail_server sendmail[9388]:
> > > > NAA09388:
> > > >
> > >
> >
> from=<[email protected]>,
> > > > size=2475,
> > > > class=-60, pri=140475, nrcpts=1,
> > > > msgid=<[email protected]>,
> > > > proto=SMTP, relay=IDENT:[email protected]
> > > > [212.x.x.17]
> > > >             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > > ^^^^^^^^^^^
> > > >
> > > > ******************
> > > >
> > > >  I'd like to know how to set up the firewall
> > (with
> > > > CVP) in order that
> > > > the firewall let the mail server know the IP
> > address
> > > > of the SMTP connection
> > > > instead of  the IP of the Fw interface
> > (212.x.x.17).
> > > >  The CVP server  (VirusWall ) is installed on
> > > > another machine (212.x.x.19)
> >
> >
> > --
> > John Hardly
> > E-mail : john (at) iav (dot) ac (dot) ma
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/

-- 
John Hardly
E-mail : john (at) iav (dot) ac (dot) ma


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Hybrid Mode
Next by Date: RE: [FW1] 4.1 SP1 version of the GUI client
Previous by thread: Re: [FW1] CVP and relaying
Next by thread: Re: [FW1] CVP and relaying
Index(es):
- Date
- Thread