
RE: [FW1] SMTP: Connection Refused




Hi,


I put up a rule that allowed dns (tcp+udp), smtp and ftp. It looks like this:

---<snip>---
                        :src (
                                : Any
                        )
                        :dst (
                                : mail-router
                                : referens-computer
                        )
                        :services (
                                : smtp
                                : dns
                                : ftp
                        )
                        :action (
                                : (accept
                                        :type (accept)
                                        :macro (RECORD_CONN)
                                        :icon-name (icon-accept)
                                        :text-rid (61463)
                                        :windows-color (green)
                                )
---<snip>---

This is what I do:

Firewall (10.2.1.1) ----->--to-->----- DNS/Mail-Router (10.2.1.10)

Firewall
======
---(shell command)---
[root@fw01 /root]# telnet 10.2.1.10 25
Trying 10.2.1.10...
telnet: connect to address 10.2.1.10: Connection refused

---(tcpdump output)---
10:05:20.330973 > 10.2.1.1.1126 > 10.2.1.10.smtp: S:(0) win 32120 <mss 1460,sackOK,timestamp 5067718 0,nop,wscale 0> (DF) [tos 0x10]
10:05:20.331221 < 10.2.1.10.smtp > 10.2.1.1.1126: R 0:0(0) ackwin 0 (DF) [tos 0x10]
---


---(fw log)---
There are no smtp entries in the firewall log!!!
Long-log on all rules! DNS queries get in the log, but not smtp.

DNS/Mail-Router
=============

---(tcpdump output)---
10:05:19.850000 eth0 < 10.2.1.1.1126 > 10.2.1.10.smtp: S:(0) win 32120 <mss 1460,sackOK,timestamp 5067718 0,nop,wscale 0> (DF) [tos 0x10]
10:05:19.850000 eth0 > 10.2.1.10.smtp > 10.2.1.1.1126: R 0:0(0) ackwin 0 (DF) [tos 0x10]


I'm digging further into this problem right now, but any help is wanted. Currently recompiling the kernel with less of the shit that RedHat includes in the default configuration.

best regards.

//Claes Jansson - SWEDEN



At 07:57 2001-09-11 +0100, you wrote:
Claes,

Do the DNS queries and the FTP connections happen to the same system ?

Do you use the same rule for FTP and for SMTP ?

   From what I read in the tcpdump output, you are NATting the address of
 the mail server, are you sure everything is correct in there ? Both
 incoming and outgoing ? It seems to me that the mail server sees the SYN
 packet but never answers to it. Just as a test, put a rule allowing smtp
 from the Firewall to the SMTP server, and try to telnet on port 25 from
 the Firewall to see what happens.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65

=====================================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
=====================================================================



-----Original Message-----
From: Claes Jansson [mailto:[email protected]]
Sent: Monday, September 10, 2001 7:47 PM
To: [email protected]
Subject: [FW1] SMTP: Connection Refused



Hi,

My very weird problem is as follows. I've got a dns/mail-router host on the
DMZ (static NAT). When I try to connect to the ns/mail-router on port 25
with SendMail/Telnet, whatever, I get Connection refused. The DNS queries
go through just fine, also ftp, and not by the default rule. The weirdest
thing is that if I change to a Microsoft smtp-host it works :-(.

From an "internet" computer I do this:
---
[root@test /root]# telnet 62.x.x.a 25
Trying 62.x.x.a...
telnet: Unable to connect to remote host: Connection refused
---

The target computer gets this with tcpdump:
---
23:23:13.937159 eth0 < 62.x.x.b.4682 > 10.8.1.30.smtp: S:(0) win 5840 <mss 1460,sackOK,timestamp 112960398 0,nop,wscale 0> (DF)
23:23:13.937159 eth0 > 10.8.1.30.smtp > 62.x.x.b.4682: R 0:0(0) ackwin 0 (DF)
---


The firewall says this:
---
19:23:59 accept fw01.nykoping.se >eth0 proto tcp src 62.x.x.b dst 62.x.x.a service smtp s_port 4682 len 60 rule 6 xlatesrc 62.x.x.b xlatedst 10.8.1.30 xlatesport 4682 xlatedport smtp
---

Internet-Computer:              Linux 7.1 (2.4.x)
Firewall:                       Linux 7.0 (2.2.19-7.0.8) CPfw 4.1-SP4
(CPSUITE-EVAL-DES-V41)
Target (smtp-host)              Linux 7.1 (2.4.x) running SendMail


Does anyone have any suggestions? I'm all out :-/ Running on this EVAL license because we're moving from one ISP to another.

best regards.

//Claes Jansson - Sweden



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
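
The captures quoted in this thread show a SYN to the smtp port followed by an R (reset) segment in the reverse direction. As an added example (not part of the original posts), this Python sketch pairs each initial SYN in tcpdump text of that layout with the reply it received; the sample lines are constructed with documentation addresses, and all names in the code are hypothetical.

```python
import re

# Layout seen in the thread's captures: time [iface] </> src > dst: FLAGS rest
LINE = re.compile(r"^\S+\s+(?:\S+\s+)?[<>]\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):"
                  r"\s+(?P<flags>[SFRP.]+)(?P<rest>.*)")

NO_REPLY = "no reply seen (dropped or filtered before/at the capture point)"
REFUSED = "refused (RST returned from the server side)"
ACCEPTED = "accepted (SYN-ACK returned)"

def classify(lines):
    """Map each (client, server) flow that opened with a SYN to a verdict."""
    verdicts = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP line in the expected layout
        src, dst, flags = m["src"], m["dst"], m["flags"]
        has_ack = re.search(r"\back", m["rest"]) is not None
        if "S" in flags and not has_ack:
            # Initial SYN: remember the flow; retransmits keep the first verdict.
            verdicts.setdefault((src, dst), NO_REPLY)
        elif (dst, src) in verdicts:
            # Segment travelling server -> client for a flow we are tracking.
            if "R" in flags:
                verdicts[(dst, src)] = REFUSED
            elif "S" in flags:
                verdicts[(dst, src)] = ACCEPTED
    return verdicts

# Constructed sample capture (documentation addresses, not the poster's hosts).
SAMPLE = """\
10:05:19.850000 eth0 < 192.0.2.1.1126 > 192.0.2.10.smtp: S 100:100(0) win 32120 <mss 1460,sackOK> (DF)
10:05:19.850000 eth0 > 192.0.2.10.smtp > 192.0.2.1.1126: R 0:0(0) ack 101 win 0 (DF)
10:05:21.100000 eth0 < 192.0.2.1.1127 > 192.0.2.10.domain: S 200:200(0) win 32120 <mss 1460> (DF)
10:05:21.100200 eth0 > 192.0.2.10.domain > 192.0.2.1.1127: S 300:300(0) ack 201 win 5792 <mss 1460> (DF)
10:05:22.000000 eth0 < 192.0.2.1.1128 > 192.0.2.10.ftp: S 400:400(0) win 32120 <mss 1460> (DF)
""".splitlines()

if __name__ == "__main__":
    for flow, verdict in classify(SAMPLE).items():
        print(" -> ".join(flow), ":", verdict)
```

When the capture is taken on the destination host itself and the reset is an outbound segment from its own address, the reset was generated by that host rather than by a device in between.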


