[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] SMTP: Connection Refused
Claes, Do the DNS queries and the FTP connections happen to the same system ? Do you use the same rule for FTP and for SMTP ? From what I read in the tcpdump output, you are NATting the address of the mail server, are you sure everything is correct in there ? Both incoming and outgoing ? It seems to me that the mail server sees the SYN packet but never answers to it. Just as a test, put a rule allowing smtp from the Firewall to the SMTP server, and try to telnet on port 25 from the Firewall to see what happens. Met vriendelijke groeten - Bien à vous - Kind regards Guy ROELANDTS EMEA GS Internet Expertise Centre - CCSA & CCSE Compaq Software Engineer - Belgium E-mail : [email protected] Tel: +32(02)729.77.44 (options 3 - 3 - 1) Fax: +32(02)729.77.65 ===================================================================== This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Should you receive this message by mistake please inform the sender immediately. ===================================================================== -----Original Message----- From: Claes Jansson [mailto:[email protected]] Sent: Monday, September 10, 2001 7:47 PM To: [email protected] Subject: [FW1] SMTP: Connection Refused Hi, my very wierd problem is as follows. I got a dns/mail-router host on the dmz (static nat). When i try to connect to the ns/mail-router on port 25 with SendMail/Telnet whatever, i get Connection refused. The dns queries goes through just fine, also ftp, and not by the default rule. The most wierd thing is that if i change to a microsoft smtp-host it works :-(. From a "internet" computer i do this --- [root@test /root]# telnet 62.x.x.a 25 Trying 62.x.x.a... telnet: Unable to connect to remote host: Connection refused --- The target computer gets this with tcpdump: --- 23:23:13.937159 eth0 < 62.x.x.b.4682 > 10.8.1.30.smtp: S:(0) win 5840 <mss 1460,sackOK,timestamp 112960398 0,nop,wscale 0> (DF)23:23:13.937159 eth0 > 10.8.1.30.smtp > 62.x.x.b.4682: R 0:0(0) ackwin 0 (DF) --- The firewall says this: --- 19:23:59 accept fw01.nykoping.se >eth0 proto tcp src 62.x.x.b dst 62.x.x.a service smtp s_port 4682 len 60 rule 6 xlatesrc 62.x.x.b xlatedst 10.8.1.30 xlatesport 4682 xlatedport smtp --- Internet-Computer: Linux 7.1 (2.4.x) Firewall: Linux 7.0 (2.2.19-7.0.8) CPfw 4.1-SP4 (CPSUITE-EVAL-DES-V41) Target (smtp-host) Linux 7.1 (2.4.x) running SendMail does anyone have any sugestions? Im all out :-/ Running on this EVAL licens due to that we're moving from one ISP to another. best regards. //Claes Jansson - Sweden ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|