[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Anti Spoofing
"©¿©¬ JGuevarra" wrote: > Hi To All! > Why does my mail server cant receive any emails if I > turned spoofing on both internal and external > interfaces? It works only if spoofing is none. I want > to enable spoofing and can received mails at the same > time. Hi, it seems that you use destination static NAT. If so, and you are not using NG with automatic NAT, the NAT will occur at the internal NIC of your firewall. So you have defined in Anti-Spoofing: external NIC: OTHER internal NIC: This Net Due to NAT at the internal NIC, you have spoofing at this NIC, because the official IP of your mail server comes to the internal NIC as destination. Here the outgoing Anti-Spoofing check is done. To receive mail, you will have to add this IP to the addresses accepted by the internal NIC. Define a workstation with this IP and a group (e.g. intaddresses) with your internal networks and this new workstation. external NIC: OTHER internal NIC: SPECIFIC - intaddresses (internal addresses + official IP of mailserver) For a better control in the properties for Anti-Spoofing check LOG. If a spoofing is detected, you will find a drop due to rule 0 in your log. Hope it helps, best regards, Matthias http://www.fw-1.de --- AERAsec Network Services and Security GmbH Wagenberger Strasse 1 D-85662 Hohenbrunn, Germany http://www.aerasec.de ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|