Solved

can send but not receive email through NAT firewall

Posted on 2004-04-28
5
540 Views
Last Modified: 2013-11-16
I am running a win2k server with exchange and a snapgear SME570 firewall. I can browse the internet and send email through exchange and my firewall, but I can not receive email. How can this be fixed?

here is a little information about how my NAT/rule regarding email is set up:

Descriptive Name NAT type Incoming Interface Source Address Outgoing Interface Destination Address Destination Services To Source Address To Source Service To Destination Address To Destination Service Select

email  1 to 1  Internet Port - Direct Internet 69.x.x.6  N/A  N/A  N/A  N/A  Internet Port - Alias 0 69.x.x.2  N/A  10.x.x.1  N/A  



Descriptive Name Action Incoming Interface Source Address Outgoing Interface Destination Address Services Select

email  Accept  Internet Port - Direct Internet 69.x.x.x  Any  Any  10.x.x.1Any  

0
Comment
Question by:sadian
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10948259
Does your mail.mycompany.com domain name point to 69.x.x.6 ?
I think you also need a rule that allows Any to connect to 69.x.x.6 on TCP port 25.
Don't worry about allowing 69.x.x.6 to connect to 10.x.x.1 - this isn't how NAT works - the access list will be applied first, and then the translation will occur.
0
 
LVL 2

Author Comment

by:sadian
ID: 10950299
Yep mail.mycompany.com points to 69.x.x.6
0
 
LVL 2

Author Comment

by:sadian
ID: 10950311
my old firewall works fine, I'm setting up a new one and having the said troubles with it.

Sadian
0
 
LVL 4

Accepted Solution

by:
hawgpig earned 500 total points
ID: 10955316
Sadian,
Make sure the DNS is working and properly configured on your DNS go to www.dnsreport.com and type in your mail server domain name....mayber your isp isn't pointing the domain to your ip address yet.....
If that all checks out...
Try this from an external connection (i.e. another ISP, modem, etc)
go to start/run
type
telnet 69.x.x.6 25
enter
if you get a blank black screen your firewall is passing the connection...
If the connection times out.....either your firewall is stopping it or the server is stopping it....
to check your smtp server
do the same above but with the internal address 10.x.x.1
go to start/run
type
telnet 10.x.x.1 25
enter
you should get the blank black screen....
if you don't....... check your smtp server......that is where the issue is
if you get the blank black screen the issue is your firewall....
make sure your port 25 is open on your firewall....
also if you have an internal router make sure the traffic is being sent to the correct location...
Good Luck
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10957390
From the snapgear support pages..

For firmware version 1.9.0 and later:

To perform 1-to-1 Network Address Translation from real IP addresses to private IP addresses on your LAN, the following needs to be done:

Under the 'Network Setup' page, select the 'Advanced' link to navigate to the Advanced IP Configuration.

Under the 'Interface Aliases', add an alias IP address on the 'Internet Port' for  69.x.x.6 / mailserver public address

Then under the 'Packet Filtering' page, select 'Addresses' and define a 'new' address for 10.x.x.1 / mail server private address

Then again under the 'Packet Filtering' page, select 'NAT" and then '1 to 1'.

Enter a 'Descriptive Name:' and define the 'The public network is on:' correctly, being the interface that has your internet connection.

Then select the appropiate 'Change private address:' selection that was created above, and finally the correct public ip address in the 'Into public address:' field.

Leave the 'Create a corresponding incoming ACCEPT firewall rule ?:' box checked to enable the specified 1 to 1 NAT traffic through the firewall.

This will now create a bi-directional 1 to 1 NAT for the specified addresses.

For firmware version prior to 1.9.0:

To perform 1-to-1 Network Address Translation from multiple real IP addresses to private IP addresses on your LAN, the following needs to be done:

Under the 'IP Configuration' page - 'Configure' the Advanced IP Configuration.
Add an alias IP address on the Internet interface for each real-world IP address you want to configure for 1-to-1 NAT.

Under the 'Rules' page, add the following custom rule to associate outbound connections from the private IP address with the real-world IP address:

iptables -t nat -I POSTROUTING -o $INTERNET_IF -s a.b.c.d -j SNAT --to-source w.x.y.z

Where a.b.c.d is the private address on your LAN, and w.x.y.z is the newly configured Internet interface alias.

Then to allow incoming connections to be forwarded to the LAN IP address, follow the instructions in Knowledge Base article Forwarding all ports (Virtual DMZ).

 
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now