| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| I got a weird SMTP problem... I created a NAT: Any - External IP - SMTP - Original - Internal IP - SMTP. I created a rule: Any - External IP - SMTP - Allow. When I telnet from within my network to the mail server on port 25, everything works as it should: "220 SMTP Proxy Server Ready". When I try the same thing from outside, it doesn't. It looks like it connects, but there is no output in the telnet window. I don't even get any log entry in Tracker showing me a connection was attempted. I also created another NAT rule to the same box (which is required): Any - External IP - 12321 - Original - Internal IP - 12321. I created a rule: Any - External IP - 12321 - Allow. This works fine from both inside and outside, and is also being logged fine within Tracker. Note that 12321 and SMTP are part of the same policy rule. I have tried with both an IP that is being proxy-arped and another which isn't. SMTP just doesn't want to connect. The ISP is not blocking SMTP. Am I missing something? |
| |||
| Quote:
Internal IP - Any -Any External IP - Original - Any. |
| |||
| Are you sure you don't get logs? That is VERY strange; since everything works fine for the other port, you would expect to see at least a drop or something for the SMTP traffic. Are you logging implied rules? If not, I think you should tick it, push the policy and try the access again. Then check the logs, making sure you don't have any filters, and select the "All records" option. |
| |||
| From the gateway: fw monitor -e 'accept dport=25 and (dst=<external ip> or src=<internal ip>);' This should tell you where the packets are going. If my syntax is off, the "fw monitor" info posted on http://www.cpug.org/check_point_resources.htm is very good. |
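To read the output of the fw monitor filter suggested above, this added example (not part of the original thread) groups captured packets by IP id and reports the last inspection point each one reached and where the destination address changed. The two-line packet layout, the sample addresses and the names trace and diagnose are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the classic two-line-per-packet fw monitor layout
# (assumed format; addresses are documentation ranges, not from the thread).
SAMPLE = """\
eth0:i[60]: 198.51.100.7 -> 203.0.113.10 (TCP) len=60 id=4711
TCP: 40122 -> 25 .S.... seq=1a2b3c4d ack=00000000
eth0:I[60]: 198.51.100.7 -> 192.168.1.25 (TCP) len=60 id=4711
TCP: 40122 -> 25 .S.... seq=1a2b3c4d ack=00000000
eth1:o[60]: 198.51.100.7 -> 192.168.1.25 (TCP) len=60 id=4711
TCP: 40122 -> 25 .S.... seq=1a2b3c4d ack=00000000
eth1:O[60]: 198.51.100.7 -> 192.168.1.25 (TCP) len=60 id=4711
TCP: 40122 -> 25 .S.... seq=1a2b3c4d ack=00000000
eth0:i[60]: 198.51.100.7 -> 203.0.113.10 (TCP) len=60 id=4712
TCP: 40123 -> 25 .S.... seq=5e6f7a8b ack=00000000
"""

# Header line (optional [vs_x][fw_x] prefix) followed by its TCP port line.
PKT = re.compile(
    r"^(?:\[\w+\])*[ \t]*(?P<iface>[\w.]+):(?P<pt>[iIoO])[ \t]*\[\d+\]:[ \t]+"
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+) \(TCP\) len=\d+ id=(?P<id>\d+)[ \t]*\n"
    r"TCP: (?P<sport>\d+) -> (?P<dport>\d+)", re.M)

STAGES = "iIoO"  # pre-inbound, post-inbound, pre-outbound, post-outbound

def trace(text):
    """Group packets by IP id -> ordered list of (point, iface, src, dst, dport)."""
    hops = defaultdict(list)
    for m in PKT.finditer(text):
        hops[int(m["id"])].append(
            (m["pt"], m["iface"], m["src"], m["dst"], int(m["dport"])))
    return dict(hops)

def diagnose(hops):
    """Return (last inspection point seen, point where dst first changed or None)."""
    last = max((h[0] for h in hops), key=STAGES.index)
    nat_at = next((b[0] for a, b in zip(hops, hops[1:]) if a[3] != b[3]), None)
    return last, nat_at

if __name__ == "__main__":
    for pid, hops in trace(SAMPLE).items():
        last, nat_at = diagnose(hops)
        state = "left the gateway" if last == "O" else f"stopped after '{last}'"
        print(f"id={pid} dst {hops[0][3]} -> {hops[-1][3]}: {state}, NAT at {nat_at}")
```

A packet that appears only at the i point was stopped in the gateway's inbound chain; one that never appears in the capture did not reach the gateway interface at all.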
| |||
| OK, I got it to work. Another question though... In my mail headers, the IP mentioned is the external IP of my firewall. I want this IP to be the public IP of my mail server. I am using a proxy-arped IP. Do I need to use a non-proxy-arped IP? Or do I need to configure an outgoing NAT? |