Solved

2nd NIC messing up buitin POP3 server in Server 03

Posted on 2006-11-30
21
310 Views
Last Modified: 2010-04-18
I recently added a 2nd NIC to my server with it's own public static IP. After having done this my POP3 server keeps trying to send through the wrong NIC. I have confirmed this by disabling the new NIC and observing that the POP3 traffic works again. Is there some way to tell the BUilt in POP3 server not to use the wrong NIC?
0
Comment
Question by:avaris4069
  • 9
  • 6
  • 6
21 Comments
 
LVL 2

Expert Comment

by:nitsud01
ID: 18046931
What mail server are you using? If it is exchange then:

Open Exchange System Manager
Expand your exchange organization
Expand the Servers group
Expand "YourServerName"
Expand the Protocols group
Expand the POP3 group
Right-click on your Default POP3 server (or whatever you're using)

In that dialog, you should be able to bind your POP3 server to a specific network adapter...

Hope that helps... If you aren't using exchange, there should still be a way to assign a specific ip address or network adapter to your pop3 server, you'll just have to figure out where the config option is....

0
 

Author Comment

by:avaris4069
ID: 18046944
As stated  I am using the Built in Mailer server Program not exchange.
0
 
LVL 2

Expert Comment

by:nitsud01
ID: 18047197
I guess I'm not familiar with the "Built in Mailer server Program" in Server 2003... What version of the o/s are you using? Do you have some sort of management console that allows you to configure settings within the application/service? Maybe if you can describe the options available to you, I can be more helpful.....
0
 

Author Comment

by:avaris4069
ID: 18047763
http://www.ilopia.com/Articles/WindowsServer2003/EmailServer.aspx if this doesn't shed some light on what I am using then i don't know what to tell you.
0
 
LVL 2

Expert Comment

by:nitsud01
ID: 18048285
Ahhh.... I see.... Sorry about the confusion.... I've mostly used Exchange server instead of the builtin mail services that come with 2003, so I kind of forgot they were there :) I incorrectly assumed you were using some 3rd party software.....

Is your Default SMTP server bound to the correct NIC/IP in the IIS snap-in?
0
 

Author Comment

by:avaris4069
ID: 18048335
No Problem. Yes The SMTP is working fine and I know how to change that one if necessary but I have no idea how to change the pop3.
0
 
LVL 2

Expert Comment

by:nitsud01
ID: 18048643
Ok let's get some more info on the table here, maybe someone else will help us shed some light. I don't know the solution to your problem, but I would like to help you figure it out.....

First of all, which NIC are you trying to use for POP3/SMTP?  NIC A or NIC B? (NIC B being the new one) (I assume you're trying to run both services from the same NIC) What are their IP addresses? (you can use xxx.xxx.209.100, I know at least one is public :)

I believe what you are saying is that the incoming POP requests are being routed through the correct NIC A, but outgoing responses are sent from NIC B.... Have you verified this activity via a packet sniffer? or are you assuming that POP3 service is using NIC A instead of NIC B merely because it stops working when the NIC B is enabled?

Are you using port forwarding (110) to NIC A or DMZ?

If indeed the problem is that the POP3 service is using the wrong NIC for outgoing responses, we need to figure out it how the POP3 service is selecting the NIC....
0
 

Author Comment

by:avaris4069
ID: 18048892
I am forwarding 110 to NIC A and i have not used a packet sniffer .I have only turned off the interfereing NIC and noted sucessfull transmissions.
0
 
LVL 2

Expert Comment

by:nitsud01
ID: 18049421
Then I would not assume that outgoing POP transmissions are using NIC B for communication when enabled... Though that could still be the case...  I'd use a packet sniffer to be sure.... Also, I find it doubtful that the POP3 service would accept incoming traffic on one NIC, but send outgoing traffic through another.... So, even if we found a way to bind the POP3 service to a NIC, I doubt that would fix your problem.... I'd guess that the POP3 service will only using one NIC for any sort of communications at any given time, until configured otherwise.... Since you're forwarding port 110 to NIC A's IP address, we know for sure that any incoming POP traffic is going to NIC A... If the POP3 service was running on NIC B, you wouldn't even be able to open a session with the POP3 server at that point..... ya follow?

You might try changing the card to a different PCI/PCI-E slot to try and rule out resource conflicts.... Or even try using a different brand/model NIC and see if problems persist...

I'm just trying to isolate the problem a bit more, because now, as we have it, all we really know is that POP3 stops working when NIC B is enabled, right?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18050597
Out of curiosity is there a default gateway on both NIC's. Only put a default gateway on the NIC to be used for the Internet, the POP3 one.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:avaris4069
ID: 18050646
yes there were gateways on both. I removed the gateway from the vnp nic. This actually resolved an unrelated problem but unfortunately the pop3 still only works if I disable nic 2 (vpn nic (btw cause problems whether vpn or just sitting there with and ip) )
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18050726
Doubt it will make a difference, but also try setting the binding order; control panel | network connections | on the menu bar - advanced | advanced settings | adapters and bindings.
I would also assume after removing gateways or making TCP/IP changes that the POP3 service needs to be re-started, or the server re-booted.
0
 

Author Comment

by:avaris4069
ID: 18050792
Excellent thought on the binding unfortunately no luck. I also thought that perhaps the pop3 traffic was trying to go out the 2nd nic so I configured a client to try that one...no luck it would seem that having 2 nics just leaves pop3 indecisve.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18050869
>>"2 nics just leaves pop3 indecisve"
Odd, shouldn't with only one gateway. Though I must say I am not familiar with the built in POP3 functionality. 2 gateways would certainly add to the random selection.

Perhaps post the results from a route print statement, just to see that the basic routing table is OK. Perhaps nitsud01
 can "attack" from the mail server end, and I can look at the routing.
0
 

Author Comment

by:avaris4069
ID: 18050876
Route print statement? how do i get that? Also with the vpn gateway disabled the vpn doesn't work so even if that did fix the pop3 issue it would cause another.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18050899
>>'Also with the vpn gateway disabled "
Is the VPN using the other NIC? You cannot run 2 NIC with 2 gateways.
It is also possible that if you have the VPN running,i.e RRAS enabled on the server that it is blocking some connections. It has a built in NAT firewall that may be enabled. Try totally disabling RRAS, by opening the RRAS management console, right click on the server and choose disable. You will have to reconfigure when you re-enable it.

I am assuming this is not Small Business Server ??

>>"Route print statement? how do i get that?"
From a command line enter:
route  print  > c:\Output.txt
Open c:\Output.txt and copy and paste the results here.
0
 

Author Comment

by:avaris4069
ID: 18050930
Ok first I want you to know i am upping the pot to 350 points since you are being so dedicated to helping me and this will likely take a bit longer. This is Server 03 Enterprise. I am fortunate in being the IT Manager for a Car dealership means that Vendors often discontinue services and leave their equipment for me to deal with...score me one Server 03 Enterprise :).  I had already tried totally disabling RRAS but the only thing that rights the situation is disabling the card itself. Here is where my limited networking knowledge is going to show through and make me look stupid....If I can't have 2 nic with 2 gateways how can I have a nic for private and public as most of the vpn guides suggest?
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 350 total points
ID: 18050966
>>"I have a nic for private and public as most of the vpn guides suggest?"
a) I have never seen where that was necessary
b) They generally refer to having a pubic or external interface and private or internal interface. That is not to say the VPN requires it's own adapter, just that you should segregate the LAN from the WAN. Therefore the private/internal NIC would be for LAN use, and because all internal traffic would be on a single private subnet, such as 192.168.100.x (192.168.100.0/24) there is no need for a  default gateway. You external services such as the VPN, Web server, Mail server, remote access, can all share the public/external NIC. This is primarily a security precaution so that you are not giving external users direct access to the LAN subnet.
0
 

Author Comment

by:avaris4069
ID: 18095266
RobWill get's the pot again b/c he pointed out what should have been obvious...2nic 2gateways...bad me!!! once Changed my network setup to have a private network with no gatewate in the configuration and then used the public nic for pop and my vpn with packet filtering setup correctly everything is fine...THANKS ROBWILL!!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18095480
Glad to hear avaris4069 . Thanks,
--Rob
0
 
LVL 2

Expert Comment

by:nitsud01
ID: 18097386
Interesting... Good call RobWill....
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now