[FW1] mail / smtp security server problem
I am having some issues I've not seen before.

This is a small company, originally only a DSL router running NAT on Netopia. We added a checkpoint FW on a Linux appliance (Intrusion.com, PDS2100).

New install is like this:

router - internet legal inside and out (anti-spoofing etc...)
FW - external interface internet legal, internal NATted addresses.

Legal address range assigned to us is X.Y.Z.72/29
The internal interface of router is X.Y.Z.73
The external interface of the firewall is X.Y.Z.74

I configured an object for the mail server with Static NAT behind X.Y.Z.75, real IP 10.99.67.5/24
I configured a network object for all traffic on the 10.99.67.0/24 net to hide behind X.Y.Z.76

SMTP resources
"Badmailin" rule -- from *@ourdomain.com to * reject
"Goodmailin" rule -- from * to *@ourdomain.com accept
"Cleanupmail" rule -- from * to * reject

Mail can get out
Mail cannot get in

When I connect to mail.ourdomain.com on port 25 using Tera Term, a connection is made but there is NO checkpoint banner. (No, I haven't changed the banner yet, I'm still worrying about getting it working.) (I ran cpconfig and didn't see an option like snmp to start and stop a daemon as with snmpd, did I miss one?)

QUESTION 1: Might there be a NAT problem because I am hiding all of internal net (10.99.67.0/24) behind X.Y.Z.76, while the mail server (on the same net) is statically hiding behind X.Y.Z.75? Or do you have any other ideas?

QUESTION 2: Why don't I see the smtp security server banner when I attach on 25?

Additional insight welcome.

K