Smoothwall and Win2000 (advanced) server - Mail and FTP

Posted on 2003-03-18
Medium Priority
Last Modified: 2012-06-27
My network configuration is as follows:
WIN2000 Advanced Server installed as PDC
WIN2000 Pro Clients which connect to the server
Smoothwall 1.0 (not configured to use DNS since this is assigned to the WIN2000 server) in the same network for internet security (only GREEN and RED NIC installed, no DMZ).

With this configuration, browsing the internet seems to be no problem. However, FTP and e-mail exchange are impossible. Why? Or how should I configure it?

Someone suggested that I configure the Win2000 server as a normal DC, so that it would forward to the Smoothwall.
Is the following method possible?
* backup the AD
* reinstall the WIN2000 from scratch
* restore the AD

Would restoring the AD not put the system back as a PDC?

I have little margin for experimenting as this is in a school environment with limited means.

Question by:kangooman

Expert Comment

by:Gabriel Orozco
ID: 8169717
Yves: it's difficult to understand because we do not have all the info.

What role does the Win2000 server play here? Is it the mail server (MTA)? Is it the FTP server?

Are you talking about access from the LAN to the Internet to an external mail server? In this case, outgoing mails go through, but you cannot read them using POP3, or POP3 is working and SMTP is not?

Please try to explain where the problem is, and maybe you will find the problem yourself.


Author Comment

ID: 8170228
Ok, here I go:

The win2K server's main purpose is to act as a file server and beside that to "control" the clients' security, that is to enforce system policies and user policies. The main problem here is, as I was told in response to a similar question, that the server is configured as the PDC. Second task of the server is DHCP. Due to the policy question, all my clients are required to have it as their gateway, because otherwise the policies are not applied.

The Smoothwall's role was to replace another win2K server that was merely used as a router to the Internet (with capital I). As an extra, I embraced the smoothwall's firewall capabilities. So, in fact I expected it to work merely as a router. But, as it turns out, the Smoothwall blocks traffic over all but the port 80 for internet access.

I read about a solution where the win2K should not be the PDC, just a regular DC, which in turn forwards DHCP requests to the Smoothwall (is this making any sense at all?). This would allow the clients to access other ports, including port 25 and 110 for SMTP and POP3.

So, in fact, that is the problem. The smoothwall is routing my intranet to the Internet, but is unable to forward requests on other ports.

Is this more understandable?

Author Comment

ID: 8170237
Sorry if my sentences don't always make sense. My native language is Dutch.

Accepted Solution

Gabriel Orozco earned 200 total points
ID: 8170493
Yep, this is very understandable.

Now, the facts:

1) You do not need the PDC to be the default gateway. No Windows policy controls traffic via TCP/IP, so you can safely edit your dhcpd settings in the Win2000 server and point the default gateway to the Smoothwall.

2) As per this question, you do not need to change any PDC to BDC or DC. This does not apply here.

3) You need to read the documentation of your Smoothwall more carefully. You need to let any user from inside access the outside, and block all outside traffic. This is normally very easy to do, but I do not use Smoothwall. I can help you with the plain Linux rules, but not menus or something. This is why I recommend that you re-read the manual and look for configuration examples.

4) No problem... I'm a Spanish speaker myself :P
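
The policy described in point 3 of the accepted answer (let the inside reach the outside on any port, block everything that starts from the outside), written out as plain iptables rules. This is an added example and not part of the original thread or Smoothwall's own configuration. The interface names, the LAN subnet and the `fw_rules` helper are assumptions, and the FTP helper module names are those of current kernels (2.4-era kernels called the tracker `ip_conntrack_ftp`).

```shell
#!/bin/sh
# Added example (not Smoothwall's own configuration). Interface names and
# the LAN subnet below are assumptions.
GREEN_IF="${GREEN_IF:-eth0}"              # assumed LAN-side (GREEN) NIC
RED_IF="${RED_IF:-eth1}"                  # assumed Internet-side (RED) NIC
GREEN_NET="${GREEN_NET:-192.168.1.0/24}"  # assumed LAN subnet

# fw_rules GREEN_IF RED_IF GREEN_NET
# Prints the rule set as shell commands; it changes nothing by itself.
fw_rules() {
    for v in "$1" "$2"; do                # refuse odd interface names
        case "$v" in ""|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    done
    case "$3" in ""|*[!0-9./]*) return 1 ;; esac
    cat <<EOF
# Default deny: nothing is forwarded or accepted unless a rule allows it.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections that were opened from the inside.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Administration of the router from the LAN only.
iptables -A INPUT -i $1 -s $3 -j ACCEPT
# Any new connection from the LAN to the Internet, on any port
# (covers SMTP 25, POP3 110 and the FTP control channel 21).
iptables -A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
# Active-mode FTP: track the data connection as RELATED.
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t raw -A PREROUTING -i $1 -p tcp --dport 21 -j CT --helper ftp
# Hide the private LAN addresses behind the RED address.
iptables -t nat -A POSTROUTING -s $3 -o $2 -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Dry run by default; set APPLY=1 (as root) to load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    fw_rules "$GREEN_IF" "$RED_IF" "$GREEN_NET" | sh
else
    fw_rules "$GREEN_IF" "$RED_IF" "$GREEN_NET"
fi
```

No rule names the RED interface as an input, so a connection that starts on the Internet side falls through to the `DROP` policies; only traffic that connection tracking ties to an inside-initiated session comes back in.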


