| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] mail / smtp security server problem
I am having some issues I've not seen before. This is a small company
originally only dsl router running NAT on netopia. We added a checkpoint FW
on a Linux appliance (Intrusion.com, PDS2100)
New installis like this:
router -internet legal inside and out (anti-spoofing etc...)
FW -external interface internet legal, internal NATted addresses.
legal address range assigned to us is X.Y.Z.72/29
The internal interface of router is X.Y.Z.73
The external interface of the firewall is X.Y.Z.74
I configured an object for the mail server with Static NAT
behind X.Y.Z.75 real IP 10.99.67.5/24
I configured a network object for all traffic on the 10.99.67.0/24 net to
hide behind
X.Y.Z.76
SMTP resources
"Badmailin" rule-- from *@ourdomain.com to *
reject
"Goodmailin" rule-- from * to
*@ourdomain.com accept
"Cleanupmail" rule-- from * to *
reject
Mail can get out
Mail cannot in
When I connect to mail.ourdomain.com on port 25 using terraterm a connection
is made but there is NO checkpoint banner. (no I haven't changed the banner
yet, I'm still worrying about getting it working. (I ran cpconfig and
didn't see an option like snmp to start and stop a daemon as with snmpd, did
I miss one?)
QUESTION 1: Might there be a NAT problem because I am hiding all of
internal net (10.99.67.0/24) behind X.Y.Z.76, while the mail server (on the
same net) is statically hiding behind X.Y.Z.75 ? Or do you have any other
idea's?
QUESTION 2: Why don't I see the smtp security server banner when I attach
on 25?
Additional insight welcome.
K
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
