Solved

cannot send or receive out of network email after changing sonicwall X1 port to DHCP

Posted on 2014-12-05
37
290 Views
Last Modified: 2014-12-09
After changing the interface setting to DHCP for the sonicwall port X1 for the new internet connection, no one can send or receive emails outside of the network except for the 1 wireless computer...
Here is the link to my previous question where we changed the port: http://www.experts-exchange.com/Networking/Network_Management/Q_28573358.html#a40479429  
Here are the settings:
config
0
Comment
Question by:BriPC
  • 25
  • 12
37 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 40483326
Can you be more specific please.

1. Can you send email from a pc on your network? If not what is the error?
2. Can you receive email at any pc on your network? If not what is th error?
3. What do you mean by "outside of the network"?
4. What are you using to send/receive emails (Outlook)?
5. Do you have your own internal mail server, or are you using your ISP directly?
6. Do you have SPF records set up?
7. If you check the email client on a pc, where is it pointing to send email? The sonciwall?
8. Is DNS working ok?
0
 

Author Comment

by:BriPC
ID: 40483358
1. yes, emails can send to another person within the network and can be received from within the network only
2. There is 1 pc that is connected wireless and he has full email access internal and external.
3. Anyone not on the domain, They cannot send/receive to me gmail account, not in office.
4. Outlook
5. Yes, exchange server, I looked at the firewall rules, there are 2, one in WAN and one in WLAN, both set to allow without any exclusions
6. Don't know what that is
7. no, the mail server.
8. I don't know what it should be set to, I left all set to default configuration and it auto-filled
 
All was working prior to changing the port yesterday to DHCP, wireless connection works... this is my reasoning for thinking it is related to the port.
0
 

Author Comment

by:BriPC
ID: 40483363
email-error.png
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40483371
Can you check the send connector on the Exchange server and see where it is pointing. It should be the Sonicwall.

If you check the rules for the mail server on the Sonciwall are they pointing to the correct places, specifically the outgoing side (WAN ip).

I would try using telnet to send an email from one of your pc's (not the wireless one). This will tell us if it is somehting to do with the Exchange Server or the firewall. Here is how you do it just in case you are not familiar.

http://www.spamsoap.com/how-to-manually-send-an-email-message-via-telnet-to-port-25/
0
 

Author Comment

by:BriPC
ID: 40483426
telnet errors
checking exchange server next
0
 

Author Comment

by:BriPC
ID: 40483465
not sure if i'm looking in the right place, but under send connectors, it shows the domain and in the properties>network=use DNS "MX" Records to route mail  is selected. The server network IPv4 properties all point to the sonicwall and show the right DNS
Send-connectors.png
0
 

Author Comment

by:BriPC
ID: 40483472
firewall-rules.png
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40483515
I cannot telnet to haystacksinc.com on port 25 so I am guessing this is your internal mail server and not in the outside world. The test is to telnet to a mail server in the outside world, to insure you get through the firewall. It should go something like this...

# telnet gmail-smtp-in.l.google.com 25
Trying...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP r1si2024816qat.105 - gsmtp
helo haystacksinc
250 mx.google.com at your service

This will tell us where to look next if it does or does not work.
0
 

Author Comment

by:BriPC
ID: 40483531
that is the internal server,
where do i find the address to telnet from the outside world?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40483540
I want you to telnet FROM a pc on your lan TO a mail server in the outside world, not on your lan.

Open a command prompt and repeat what I typed in my last post.
0
 

Author Comment

by:BriPC
ID: 40483593
sorry, i understand now..

could not open connection to the host on port 25: connect failed
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40483701
Ok, then it proves we have a firewall issue. I suggest you recreate the rules for the mail server using the Sonciwall wizard. On the first admin page in the upper right corner click the wizard button. Then select a public server and a mail server. Answer the questions and see if when done it solves the problem.
0
 

Author Comment

by:BriPC
ID: 40484196
I created is leaving the public server as default below, however no luck. do i need to change the public server? it says to leave it if unsure... Here is a screenshot... I think this may be incorrect but i don't know what to change it to. the telnet came back with the same response...
public-server.png
0
 

Author Comment

by:BriPC
ID: 40484212
I did one with my public ip also and it gave me the confirmation of the 192 ip address of the last entry.. why would it do that? still same error with telnet..
-Are there maybe conflicting firewall rules? should i delete the exchange ones and start over or restore defaults?
Here is the confirmation after creating the public ip which started with
server-1-rule.png
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40484646
The public server address should be the WAN ip of the Sonicwall.

Just to verify, the server type you picked was "mail server", correct?

Since the wan port appears to be bound to the non routable LAN address, you should go ahead and delete the entries for the Exchange Server that were created previously.

When you are creating the new public server with the wizard, the last step before you say OK to do it provides you a list of the new rules it is going to make. Use that list to look for what to delete for the Exchange Server.
0
 

Author Comment

by:BriPC
ID: 40484923
-The WAN Ip is the 192.168.... so it created the correct one then

deleted the address objects, service objects and the NAT policies associated with them to be able to recreate,
(also deleted the previous rules i tried to create first..)

Recreated, yes, I used "Mail Server".. still unable to telnet, connect failed..

There are 3 different 'deny' rules, I unchecked them and still nothing, rechecking them.. other than those, everything seems to be default entries..

access-rules.png
what i received in my email from a test message , the ip address is different than the one that whatismyip.com gives.. it is 63.155.124.55    .. don't know if this matters, just noticed is all...

what i received in my email from a test message
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40485579
What you say is the WAN ip, is a non routable address (192.168.x.x). This can't be your wan ip unless you are using the ISP router to NAT to the outside world.

What do you have the LAN and WAN ip addresses set to on the Sonicwall? If they are both non routable telling me here won't matter, as they are not accessible in the outside world.
0
 

Author Comment

by:BriPC
ID: 40485685
That's what I thought, just don't know enough to justify my thinking... Don't know the ip to set it to to access outside world..

-10.0.113.1 LAN   -192.168.0.24  WAN
interfaces-wan-ip.png
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:BriPC
ID: 40485688
after setting to DHCP, the 192 address is what was assigned...
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40485699
Ok, back to basics. Unless you are sure already, find out from your ISP if you have a fixed ip address for your service or if it is strictly DHCP. Ask them if they can tell you what the wan and lan ip addresses are set to on their router.

If I do an nslookup on

Non-authoritative answer:
Name:    haystacksinc.com
Address:  65.113.11.113

I get that ip. What and where is this ip? Are you also hosting mail somewhere and that is what it is?
0
 

Author Comment

by:BriPC
ID: 40485740
That is the IP address that was the static ip set prior to setting it to DHCP..  It was the old configuration to the old ISP that they had.. Maybe we should go back to static? my email rejection that i received shows that ip address too..  except with static, the rest of the network didn't have internet...

http://www.experts-exchange.com/Networking/Network_Management/Q_28573358.html   It is here in this link that shows the old ip from my previous post...

The Network goes as follows all in the same room..  Centurylink router>Sonicwall>Netgear Switch>LAN and servers (including exchange server where we host mail)

I can't log into the centurylink router today, they wrote down the wrong password, will have to wait until tomorrow for any info inside of there and calling centurylink they don't have anyone in today...
0
 

Author Comment

by:BriPC
ID: 40485743
Thank you for your help and patience by the way, I know a little about a lot, not a lot about a little and unfortunately, firewalls are on the very small side of knowing anything about.. :/
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40485849
Ok, then the problem is that you are still using the old ISP connection if it shows that ip when you ask what your ip is. Do you go to this site? If so, the fastest way to get this to work is to discconnect the old ISP (unplug the cable), connect the new one and try it again.
0
 

Author Comment

by:BriPC
ID: 40485872
I did switch the cables when we switched it to dhcp... the new one is the 63.155.124.55.  thats what whatismyip.com says
0
 

Author Comment

by:BriPC
ID: 40485969
The 65.113 address is still active but not plugged into anything
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40486889
Ok, I can ping 63.155.124.55. So that should be the wan ip address of the Sonciwall, unless you are using the ISP router to NAT it to something else. Be sure the new router is connected and the old is disconnected.
0
 

Author Comment

by:BriPC
ID: 40486959
centurylink was dynamic, setting to static. new address is: 209.181.16.27

-centurylink opened port 25 on their end, was filtered

-Let's go back to the X1 port on the sonicwall, and try a static ip maybe? that way we can get rid of the 192.168 address? I'm going to go ahead and try it with the info that i have now. just don't know what to set the gateway to, .254 or .1?  

centurylink-ip-connection.png
0
 

Author Comment

by:BriPC
ID: 40486983
lol, your comment came through after i posted mine...  I'm glad I was thinking in the right direction :)  I will try .254 for the gateway, that is what they had last time...
0
 

Author Comment

by:BriPC
ID: 40487039
doesn't work with either .1 or .254 , all internet goes down once i set to static.
to verify, i should be matching the ipv4 address and the DNS addresses, correct? the default gateway, i have tried ending with .1, .254 and matching the ip. none of those have worked... :(
0
 

Author Comment

by:BriPC
ID: 40487053
one other question, should i disable the centurylink modem from assigning ip addresses or is it ok?
0
 

Author Comment

by:BriPC
ID: 40487220
centurylink had me bridge their modem and set WAN X1 to PPPoE
0
 

Author Comment

by:BriPC
ID: 40487245
still not working, recreated rules, not going through...
0
 

Author Comment

by:BriPC
ID: 40487563
and... on the line with dell,
she can get email to go through command prompt... nothing else
0
 
LVL 20

Accepted Solution

by:
carlmd earned 500 total points
ID: 40487741
Here is the cause of your last problem, not receiving email.

If I have this right
209.181.16.27  is the NEW ip address
65.113.11.113 was the previous ip address

If that is true...

The mx record for haystacksinc.com points to the old ip address of 65.113.11.113 when it should now be pointing to the new address. Contact the ISP (or whomever is hosting your dns) and have them change the resolution of haystacksinc.com to the new ip address.

That should solve the problem.
0
 

Author Comment

by:BriPC
ID: 40487825
just called them :) I shouldn't have to change anything in the server, right?
Lord, I hope that is the end of it....
0
 

Author Comment

by:BriPC
ID: 40488166
Thank you ! the MS record now points and emails are coming through :) Can't thank you enough for all of your help the last few days!
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40488376
Glad that its now working for you!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Get an idea of what you should include in an email disclaimer with these Top 5 email disclaimer tips.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now