Fw: [FW1] mail / smtp security server problem
I checked the NAT and other than the Static-Hide NAT overlap all looks fine to me. I still haven't heard any responses directly in response to the 2 questions at the bottom. Help anyone? I think my boss will kill me if we don't get mail at work again soon. ;^)

<note> address removed below since response was directly to me.

----- Original Message -----
Subject: RE: [FW1] mail / smtp security server problem

> I recently had a very similar problem. Mail could get in, but not out. It
> turned out to be misconfigured NAT. I don't know if that is the case with
> your firewall, but that is where I would start looking. I discovered the
> problem by examining the log.
>
> David Hoobler
>
> > -----Original Message-----
> > From: K [SMTP:[email protected]]
> > Sent: Friday, July 27, 2001 7:56 PM
> > To: [email protected]
> > Subject: [FW1] mail / smtp security server problem
> >
> > I am having some issues I've not seen before. This is a small company
> > originally only dsl router running NAT on netopia. We added a checkpoint FW
> > on a Linux appliance (Intrusion.com, PDS2100)
> >
> > New install is like this:
> >
> > router - internet legal inside and out (anti-spoofing etc...)
> > FW - external interface internet legal, internal NATted addresses.
> >
> > legal address range assigned to us is X.Y.Z.72/29
> > The internal interface of router is X.Y.Z.73
> > The external interface of the firewall is X.Y.Z.74
> > I configured an object for the mail server with Static NAT
> > behind X.Y.Z.75 real IP 10.99.67.5/24
> > I configured a network object for all traffic on the 10.99.67.0/24 net to
> > hide behind X.Y.Z.76
> >
> > SMTP resources
> > "Badmailin" rule -- from *@ourdomain.com to *      reject
> > "Goodmailin" rule -- from * to *@ourdomain.com     accept
> > "Cleanupmail" rule -- from * to *                  reject
> >
> > Mail can get out
> > Mail cannot get in
> >
> > When I connect to mail.ourdomain.com on port 25 using Tera Term a connection
> > is made but there is NO checkpoint banner. (no I haven't changed the banner
> > yet, I'm still worrying about getting it working.) (I ran cpconfig and
> > didn't see an option like snmp to start and stop a daemon as with snmpd, did
> > I miss one?)
> >
> > QUESTION 1: Might there be a NAT problem because I am hiding all of
> > internal net (10.99.67.0/24) behind X.Y.Z.76, while the mail server (on the
> > same net) is statically hiding behind X.Y.Z.75? Or do you have any other
> > ideas?
> >
> > QUESTION 2: Why don't I see the smtp security server banner when I attach
> > on 25?
> >
> > Additional insight welcome.
> >
> > K
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================