iredlands
asked on
Firewall Issue
Last night we rebuilt our firewall - it works great - doesn't let anything in (nothing)
Web/mail server: Slackware 8.1, Apache 1.3x, eXtremail, has been in operation for over 12 months without change - its IP: 10.0.0.2
Our firewall distro is Smoothwall 1.0
red: 210.15.202.42 (to internet)
orange: 10.0.0.1 (to webserver)
green: 196.168.0.1 (to local)
from the firewall box: we CAN ping all other machines on both networks
from the green network: we CAN access both orange & red
from the orange network: we CANNOT access 10.0.0.1
we have opened the following ports in Smoothwall to allow external access via both TCP & UDP
113 | 20 | 21 | 22 | 25 | 445 | 53 | 80 | 110 | 143
but nothing is getting passed.
we have added data into our hosts file section below
<snip>
127.0.0.1 localhost
192.168.0.1 i-fire
10.0.0.2 i-redlands.net
10.0.0.2 mail.i-redlands.net
10.0.0.2 www.i-redlands.net
<snip>
Please can anyone help, this is quite urgent.
We need to get our server back online, it hosts about 30 domains
steve
How about your cable to the NIC.
Didn't you make a mistake and put the orange cable into the red NIC and vice versa?
Sorry, but I've scanned your firewall box. From here the only open ports are 53 and 80.
Hey ... you are an Aussie too.
G'day mate.
I thought you were in Ireland :)
And the Web server is running well.
I think you have solved it, mate.
ASKER
Cables seem ok, web services working since we enabled port forwarding - still no mail.
yep, an Aussie, based in Brisbane
steve
ASKER
Nup, cannot connect through to the mail server from inside the green network, or the red. The mail server seems to be working and we can access it via root.
any thoughts
steve
Silly question, but...
Are your subnet masks all identical? That is, does the machine, 10.0.0.2 have a 24-bit subnet mask and the firewall has a 24-bit subnet mask on the 10.0.0.1 interface?
Walkabout
I think I got it wrong.
Is the mail server the same computer as the web server ?
ASKER
WalkaboutTigger,
do you mean a subnet of 255.255.255.0? Yes.
Kocil,
yes, both reside @ 10.0.0.2
Hey ... sorry, but I was going home (I'm in Perth, WA).
If you're still there, I'm up now.
You may have added entries in to your hosts file, but check your routing.
Many times with firewalls, you need to maintain a static route table that specifically routes networks to their appropriate NICs.
ASKER
Thanks Kocil, you were right on the money, it was in fact a dns & mailserver problem.
All ok now -- thanks for your help
Steve
ps: if you're ever on this side of the country let me know & I'll buy you a beer
Nice ...
ps:
I don't have a plan for a trip there, but a beer offer is not something to be missed. How can I contact you?
Then what about me!!
Anyways, happy X-mas!!
ASKER
tcp,80,10.0.0.2,80,on
tcp,53,10.0.0.2,53,on
tcp,25,10.0.0.2,25,on
tcp,110,10.0.0.2,110,on
tcp,21,10.0.0.2,21,on
tcp,20,10.0.0.2,20,on
udp,110,10.0.0.2,110,on
udp,25,10.0.0.2,25,on
udp,53,10.0.0.2,53,on
udp,21,10.0.0.2,21,on
udp,20,10.0.0.2,20,on
help :-/
steve
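An added example, not code from the thread or from Smoothwall: a small Python audit of the port-forward entries posted above. It assumes the comma-separated field order is protocol, external port, internal IP, internal port, enabled (an assumption; Smoothwall 1.0's file format is not documented here), and reports which of the ports the question says were opened have no TCP forward, which UDP forwards target TCP-only services (dead weight and extra exposure), and which requested ports should not be Internet-facing at all.

```python
"""Audit Smoothwall-style port-forward rules against the list of ports the
poster intended to open.  Field order is an assumption (see lead-in)."""

# Constructed from the rules quoted in the thread.
RULES = """\
tcp,80,10.0.0.2,80,on
tcp,53,10.0.0.2,53,on
tcp,25,10.0.0.2,25,on
tcp,110,10.0.0.2,110,on
tcp,21,10.0.0.2,21,on
tcp,20,10.0.0.2,20,on
udp,110,10.0.0.2,110,on
udp,25,10.0.0.2,25,on
udp,53,10.0.0.2,53,on
udp,21,10.0.0.2,21,on
udp,20,10.0.0.2,20,on
"""

# Ports the question says were opened "via both tcp & udp".
REQUESTED = {113, 20, 21, 22, 25, 445, 53, 80, 110, 143}

# Well-known services that speak TCP only: a UDP forward for them does nothing
# useful and just widens what the firewall passes inbound.
TCP_ONLY = {20: "ftp-data", 21: "ftp", 22: "ssh", 25: "smtp",
            110: "pop3", 113: "ident", 143: "imap"}

# Services that should not be reachable from the Internet at all.
RISKY = {445: "microsoft-ds (SMB)"}


def parse_rules(text):
    """Parse 'proto,ext_port,internal_ip,int_port,on|off' lines (assumed format)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, ext, ip, internal, enabled = line.split(",")
        rules.append({"proto": proto.lower(), "ext": int(ext), "ip": ip,
                      "int": int(internal), "on": enabled.strip() == "on"})
    return rules


def audit(rules, requested):
    """Compare active forwards with the intended port list."""
    active = [r for r in rules if r["on"]]
    tcp_forwarded = {r["ext"] for r in active if r["proto"] == "tcp"}
    return {
        "missing_tcp": sorted(requested - tcp_forwarded),
        "udp_for_tcp_only": sorted(r["ext"] for r in active
                                   if r["proto"] == "udp" and r["ext"] in TCP_ONLY),
        "risky_requested": sorted(requested & RISKY.keys()),
    }
```

Run against the posted rules it shows that 22, 113, 143 and 445 have no TCP forward (so IMAP on 143 never reaches 10.0.0.2), that the UDP forwards for 20, 21, 25 and 110 serve no TCP-only service, and that 445 is on the requested list.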