Question

Problem creating SMTP rule on watchguard X core

Asked by: DBrookfield

Right, I'm guessing I am doing something wrong as I get the same error on both an X Core 500 and an X Core 2500.
I'm trying to get any of these set up (we have a failing firewall of a different make) to pass SMTP traffic to our mail server. And before I chuck this in our rack I want to be confident it is passing SMTP correctly.
At the moment this is in my office and I've made the IPs up. I've got a test SMTP server set up on my workstation; I can ping the External interface and I can telnet locally to the test SMTP server, however when I try and telnet from the external side I get:
421 SMTP service not available, closing transmission channel.
Connection to host lost
Which, I'm sure you can see, doesn't leave me with confidence.

I've also included some screenies.

Now this is the first time I've set up an X Core so I may have missed something, but I would have thought rules work the same, i.e. take SMTP traffic directed at a specific IP and send it to an IP on a different net on the internal interface, which shouldn't be complicated. This thing is system 9.1 and not Fireware Pro (aside from the problem: is Fireware Pro worth the money?).

Any help gratefully accepted.

Regards
David


This question has been solved and asker verified.
Asked on 2009-10-14 at 03:47:21 (ID 24810691)
Tags: watchguard Firebox, firebox x Core
Topics: Watchguard Firewall, Simple Mail Transfer Protocol (SMTP), Internet Security

Answers

 

by: ljones_cna, posted on 2009-10-14 at 05:40:05 (ID: 25569768)

Good Morning David,

In order to telnet from an external source, you will need to enable telnet as a policy on the Firebox.  The Firebox blocks services that are not specifically enabled.

LJ

 

by: DBrookfield, posted on 2009-10-14 at 06:53:53 (ID: 25570475)

Hi there, I apologise, I should have said I was using telnet on port 25 (not 23). I'm trying to test SMTP connections.

Many thanks

 

by: ljones_cna, posted on 2009-10-14 at 07:35:59 (ID: 25570965)

While you're attempting the telnet, review the WatchGuard Traffic Monitor; if the Firebox is blocking, it will tell you specifically what is happening. Can you post a print screen of your Traffic Monitor?

 

by: DBrookfield, posted on 2009-10-14 at 11:58:08 (ID: 25573825)

I can post almost anything :-)

Here is the output when I attempt to telnet:

10/14/09 19:44  firewalld[121]:  deny in eth0 235 udp 20 128 217.112.85.1 217.112.85.255 138 138 (default)
10/14/09 19:45  smtp-proxy[227]:  [217.112.85.1:64341 192.168.1.1:25] proxy connect failed (Connection timed out)

FYI

217.112.85.1 is my laptop pretending to be a router/gateway, hence why I gave you the output and not a screeny; there's loads of Windows-type stuff getting bounced. If you think it is relevant I'll post it though.

I get the same error if I add 217.xxx.xxx.1 to the exceptions list.

10/14/09 19:54  smtp-proxy[641]:  [217.112.85.1:53998 192.168.1.1:25] proxy connect failed (Connection timed out)

Also I'm going to try some other configurations and I'll add that later.

Thanks

 

by: ljones_cna, posted on 2009-10-15 at 04:51:09 (ID: 25579486)

Good Morning,

It would be helpful if you could include the print screen of the Traffic Monitor. It'll be easier to read that way.

Thanks,
LJ

 

by: DBrookfield, posted on 2009-10-20 at 10:56:47 (ID: 25616711)

Hi there, I do apologise for not replying. Anyway, in the end I ended up getting the HA licence and updating to 10.11, and since then I've been too busy to do anything. I'll update as soon as I can. I notice the interface is substantially changed in 10.11 from that of 7, so I guess I'll be going "what does that do again!!" I'll post as soon as I have time to get to grips with this.

Thanks so far

David

 

by: DBrookfield, posted on 2009-10-20 at 16:19:03 (ID: 25619593)

Right, well I've just finished looking at the new interface and had a play, and have decided I'm a moron: I can't get SMTP to pass through at all.

In fact when I telnet on 25 I can now see:

2009-10-20 23:53:06 Deny 90.211.64.196 xxx.xxx.xxx.xxx smtp/tcp 2819 25 2-External 2 Firebox denied 48 123 (Unhandled External Packet-00) tcpinfo="offset 7 S 900223125 win 65535" rc="101" Traffic

xxx of course is the external-facing IP of my SMTP server (well, it will be if I ever get it to work).

Here's how it stands so far:

 

 

 

by: DBrookfield, posted on 2009-10-20 at 16:20:12 (ID: 25619600)

If you need to see more let me know.

David

 

by: DBrookfield, posted on 2009-10-20 at 16:29:01 (ID: 25619640)

Ah yes, the traffic mon screeny as well. I've blocked out my IP as this is now in my rack (no point giving any script kiddies any info they don't need).

My telnet is highlighted as denied.

 

 

by: ljones_cna, posted on 2009-10-21 at 04:13:58 (ID: 25622705)

Good Morning David,

Why do you have 2 devices being NATted to the same internal IP? Which one of the resources is the actual Exchange server? Have you actually tested sending and receiving email through the Firebox? Are you assuming that because you cannot telnet you will not be able to send and receive email?

LJ

 

by: ljones_cna, posted on 2009-10-21 at 04:15:13 (ID: 25622711)

Also, so that we can get more detailed information in Traffic Monitor, can you use the SMTP proxy policy instead of filtered?

Thanks,
LJ

 

by: DBrookfield, posted on 2009-10-21 at 06:23:05 (ID: 25623612)

Hi there,

To give you the low down, it's not an Exchange box (Unix-based email): CGP, which is awesome as an email server. I'll explain the two external feeds. I have two netblocks; one is currently on another firewall but will be directed to this firewall when and if I can resolve this issue. It's still on because I can't see a way of simply switching the interface off as opposed to deleting what I've already set up.

As to telnet on port 25: if I can't do that then email won't reach the mail server.

i.e. telnet smtp.mymailserver.com 25 should return something like:

220 smtp.mymailserver.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Wed, 21 Oct 2009 14:17:56 +0100

if it was Exchange, and something like: 220 2kcafe.co.uk ESMTP CommuniGate Pro 5.XX.XX is glad to see you! for the mail server I run.

I'll set up the proxy; I did that initially and that didn't work either. I'll get on and do that now.

Cheers

David

 

by: DBrookfield, posted on 2009-10-21 at 06:55:13 (ID: 25623966)

Well, very weird:

2009-10-21 14:39:10 Allow 90.211.64.196 192.168.1.1 tcp 4230 25 2-External 2 1-Internal Trusted 1 Connect timeout (SMTP-proxy for Externral 2-00) SMTP-Incoming rc="590" proxy_act="SMTP-Incoming" Traffic

I get an allow now, and I guess the timeout I get now is because the gateway for the SMTP server isn't the same. I'll try later tonight when I have a chance to edit gateways etc. without screwing up anyone's email.

Cheers so far.

David
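The Traffic Monitor lines posted in this thread come in three shapes (WFS 9.x firewalld and smtp-proxy lines, and Fireware 10.x Allow/Deny lines). As an added example, not code from the thread or from WatchGuard, the script below parses each shape and maps every port-25 line to the next thing to check, following the reasoning in the thread: a Deny with no policy means no SMTP policy handled the packet, an Allow or proxy line that ends in a timeout means the firewall passed the connection but the mail server never replied. The regexes are written against the exact lines quoted above; the sample lines are constructed and use RFC 5737 documentation addresses.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Event:
    action: str             # "allow", "deny", or "fail" (proxy accepted but could not reach the server)
    src: str
    dst: str
    dport: int
    detail: str             # message / policy text from the line, used for triage
    rc: Optional[str] = None

# WFS 9.x firewalld line: "... firewalld[N]: deny in eth0 LEN PROTO x y SRC DST SPORT DPORT (RULE)"
WFS_RE = re.compile(
    r'firewalld\[\d+\]:\s+(?P<action>allow|deny)\s+\S+\s+\S+\s+\d+\s+\w+\s+\d+\s+\d+\s+'
    r'(?P<src>\S+)\s+(?P<dst>\S+)\s+\d+\s+(?P<dport>\d+)\s+\((?P<detail>[^)]*)\)')
# WFS 9.x smtp-proxy line: "... smtp-proxy[N]: [SRC:SPORT DST:DPORT] proxy connect failed (...)"
PROXY_RE = re.compile(
    r'smtp-proxy\[\d+\]:\s+\[(?P<src>[^\s:]+):\d+\s+(?P<dst>[^\s:]+):(?P<dport>\d+)\]\s+(?P<detail>.+)')
# Fireware 10.x Traffic Monitor line: "TS Allow|Deny SRC DST SVC SPORT DPORT ... (POLICY) ... rc="NNN" ..."
FW_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(?P<action>Allow|Deny)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+\S+\s+\d+\s+'
    r'(?P<dport>\d+)\s+(?P<msg>[^()]*)\((?P<policy>[^)]*)\)(?:.*?\brc="(?P<rc>\d+)")?')

def parse_line(line: str) -> Optional[Event]:
    """Turn one Traffic Monitor line into an Event; None for lines in a format we don't know."""
    if m := WFS_RE.search(line):
        return Event(m['action'], m['src'], m['dst'], int(m['dport']), m['detail'])
    if m := PROXY_RE.search(line):
        return Event('fail', m['src'], m['dst'], int(m['dport']), m['detail'].strip())
    if m := FW_RE.search(line):
        detail = f"{m['msg'].strip()} ({m['policy']})"   # keep both the message and the policy name
        return Event(m['action'].lower(), m['src'], m['dst'], int(m['dport']), detail, m['rc'])
    return None

def triage(ev: Event) -> str:
    """What the line tells you to check next, following the reasoning in the thread."""
    if ev.dport != 25:
        return 'not SMTP'
    if ev.action == 'deny':
        return 'no policy handled inbound port 25: add or enable an SMTP policy (filter or proxy) for that external address'
    if 'timeout' in ev.detail.lower() or 'timed out' in ev.detail.lower():
        return 'firewall passed the connection but the mail server never answered: check the NAT target and the server default gateway'
    return 'allowed and connected: look further along (server banner, upstream ISP)'

# Constructed sample lines in the three formats seen in the thread (RFC 5737 addresses, not real hosts).
SAMPLE_LINES = [
    '10/14/09 19:44  firewalld[121]:  deny in eth0 235 udp 20 128 198.51.100.10 198.51.100.255 138 138 (default)',
    '10/14/09 19:45  smtp-proxy[227]:  [198.51.100.10:64341 192.168.1.1:25] proxy connect failed (Connection timed out)',
    '2009-10-20 23:53:06 Deny 198.51.100.10 203.0.113.5 smtp/tcp 2819 25 2-External 2 Firebox denied 48 123 '
    '(Unhandled External Packet-00) tcpinfo="offset 7 S 900223125 win 65535" rc="101" Traffic',
    '2009-10-21 14:39:10 Allow 198.51.100.10 192.168.1.1 tcp 4230 25 2-External 2 1-Internal Trusted 1 '
    'Connect timeout (SMTP-proxy for External 2-00) SMTP-Incoming rc="590" proxy_act="SMTP-Incoming" Traffic',
]
```

Feed `parse_line` each line of a saved Traffic Monitor export and print `triage(ev)` for the events with `dport == 25`; the NetBIOS broadcast deny in the first sample is correctly reported as "not SMTP".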

 

by: ljones_cna, posted on 2009-10-26 at 09:23:26 (ID: 25663891)

Good Afternoon David,

How are things going with the Firebox and SMTP traffic?

LJ

 

by: DBrookfield, posted on 2009-10-29 at 14:59:54 (ID: 25698684)


Hello there. Right, after much banging of my head, testing and staying up late at night to try this out, I've come to the conclusion that there appears to be a problem with /24 networks on the external network. I'll try and explain.

I've got the Pro licence for this up and running as I've got two separate feeds, one on a 94 range and the other on a 217. Now the way the ISP presents this to us is very different for each range: for the 94 I've got a /27 subnet, however for our 217 this is /24. By this I mean I have 13 IPs but they've not subnetted, so what we have to do is make sure we have the correct aliases in. A bit like this:

I have 217.xxx.xxx.172 as my nic address, however I also have
217.xxx.xxx.171
217.xxx.xxx.170
217.xxx.xxx.179
217.xxx.xxx.173
217.xxx.xxx.171
217.xxx.xxx.165
217.xxx.xxx.164  

Not a contiguous block, as you can see. This works fine on our old firewall, but for the life of me I can't get this to work on the Firebox. Now there must be a way of getting the external network to work on /24, but as I said it's not working for us.

Thanks for the patience; it's taken time as I'm trying this in the live environment, so I have to do the work really late as we have a big arsed mail server on it.

David

 

by: DBrookfield, posted on 2009-11-14 at 05:49:31 (ID: 25820703)

Right, apologies for the delay in getting back on this; I've been running around like a headless chicken. Not sure how I can do this as I want to give you the points, but actually none of the solutions worked.

It would appear that in this case my problem was down to the ISP and the ARP cache. Basically they were denying me as their end didn't recognise the MAC address, which is why I could get one network working and not the other. Previously I have changed firewalls here with no problem and so didn't think of this.

So I guess this is the solution, any ideas how I give you the points and still have this as the solution?

David

 

 

by: ljones_cna, posted on 2009-11-16 at 03:43:30 (ID: 25829340)

Good Morning David,

Glad to hear the problem was resolved!  I truly appreciate you wanting to give me points.  I suppose the best solution would be to assign yourself the points since you actually resolved the problem.

Thanks,
LJ
