smtp problem



technick22
2007-12-05, 12:41
I got a weird smtp problem...

I created a NAT
Any - External IP - SMTP - Original - Internal IP - SMTP
I created a rule
Any - External IP - SMTP - Allow

When I telnet from within my network to the mail server on port 25 everything works as it should. "220 SMTP Proxy Server Ready"
When I try the same thing from outside, it doesn't. It looks like it connects, but no output in the telnet window.
I don't even get any log entry showing me a connection was attempted in Tracker.

I also created another NAT rule to the same box (which is required)..

Any - External IP - 12321 - Original - Internal IP - 12321
I created a rule
Any - External IP - 12321 - Allow

This works fine from both inside and outside.
Also being logged fine within Tracker

Note that 12321 and SMTP are part of the same policy rule.

I have tried with both an IP that is being proxy-arped and another which isn't.
SMTP just doesn't want to connect.

ISP is not blocking SMTP

Am I missing something?

donshoutarp
2007-12-05, 13:23
Try creating another NAT
Internal IP - Any -Any External IP - Original - Any.

mcnallym
2007-12-06, 03:47
Try connecting with something like Outlook Express and configure the IP as its SMTP server and see if that connects.

Also configure the outbound service as well.
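
An added example (not part of any post in this thread): a small Python probe that separates the outcomes discussed above when testing port 25 from outside: a 220 greeting, a connection that opens but stays silent (the symptom in the first post), a refusal, or no answer at all. The names probe_smtp and fake_listener are hypothetical, and the listener is a constructed local stand-in so the example runs offline.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Return (state, first_line): what a TCP client sees on an SMTP port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")        # a RST came back
    except socket.timeout:
        return ("timeout", "")        # no reply to the SYN at all
    except OSError as exc:
        return ("error", str(exc))
    data, if_empty = b"", "closed"
    with sock:
        sock.settimeout(timeout)
        try:
            while b"\n" not in data and len(data) < 1024:
                chunk = sock.recv(512)
                if not chunk:
                    break             # peer closed the connection
                data += chunk
        except socket.timeout:
            if_empty = "silent"       # handshake completed, then nothing
        except OSError as exc:
            return ("error", str(exc))
    if not data:
        return (if_empty, "")
    line = data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    return ("banner" if line.startswith("220") else "unexpected", line)

def fake_listener(greeting, hold=1.0):
    """Constructed local stand-in for a server; None = accept and say nothing."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if greeting is None:
            threading.Event().wait(hold)
        else:
            conn.sendall(greeting)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_smtp("127.0.0.1", fake_listener(b"220 SMTP Proxy Server Ready\r\n"), 2))
    print(probe_smtp("127.0.0.1", fake_listener(None), 0.5))
```

Run against the external IP from an outside host, a "silent" result means the TCP handshake completed somewhere on the path but no SMTP greeting was relayed back.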

MarioL
2007-12-06, 06:44
Are you sure you don't get logs? That is VERY strange, since everything works fine for the other port, you would expect to see at least a drop or something for the smtp traffic.

Are you logging implied rules? If not I think you should tick it, push the policy and try the access again. Then check the logs, making sure you don't have any filters and select the "All records" option.

chillyjim
2007-12-06, 09:52
From the gateway:

fw monitor -e 'accept dport=25 and (dst=<external ip> or src=<internal ip>);'

This should tell you where the packets are going. If my syntax is off, the "fw monitor" info posted on http://www.cpug.org/check_point_resources.htm is very good.

technick22
2007-12-07, 10:03
OK, I got it to work.

Another question though....

In my mail headers the IP mentioned is the external IP of my firewall.

I want this IP to be the public IP of my mail server.

I am using a proxy-arped IP. Do I need to use a non-proxy-arped IP?
Or do I need to configure an outgoing NAT?