Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Watchguard Firebox III 700 routing/NAT issues

Posted on 2008-10-21
2
751 Views
Last Modified: 2013-11-16
I have (2) SMTP servers behind a Watchguard III Firewall.  The SMTP servers are on different domains.

SMTP-1 has a private address of 192.168.1.100 and a public address of 207.x.x.148
SMTP-2 has a private address of 192.168.1.95 and a public address of 207.x.x.146

I configured the Watchguard for 1-to-1 NAT.

I am able to send and receive mail from both servers with the following excption:  Email's sent from SMTP-2 to any address on SMTP-1are queued and never delivered.

I am able to ping 192.168.1.100 from 192.168.1.95.  I am unable to ping 207.x.x.148 from 192.168.1.95
0
Comment
Question by:ltrcne
2 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22855969
As the servers are behind WG; they must use the internal IP address as oppose the public IP to send email to each other; what happens as with most devices on WG the ingress and egress interface cannot be same; hence you cannot send emails from server1->server2 or vice-versa [by default the SMTP server would use DNS which would direct the request to public IP].

You can configure a secondary zone on the DNS server so that the servers can internally send/receive the traffic.

Thank you.
0
 

Author Closing Comment

by:ltrcne
ID: 31508430
I was able to resolve my issue my making changes to our internal DNS servers.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question