cannot send or receive out of network email after changing sonicwall X1 port to DHCP

After changing the interface setting to DHCP for the sonicwall port X1 for the new internet connection, no one can send or receive emails outside of the network except for the 1 wireless computer...
Here is the link to my previous question where we changed the port: http://www.experts-exchange.com/Networking/Network_Management/Q_28573358.html#a40479429 
Here are the settings:
config
BriPCAsked:
Who is Participating?
 
carlmdCommented:
Here is the cause of your last problem, not receiving email.

If I have this right
209.181.16.27  is the NEW ip address
65.113.11.113 was the previous ip address

If that is true...

The mx record for haystacksinc.com points to the old ip address of 65.113.11.113 when it should now be pointing to the new address. Contact the ISP (or whomever is hosting your dns) and have them change the resolution of haystacksinc.com to the new ip address.

That should solve the problem.
0
 
carlmdCommented:
Can you be more specific please.

1. Can you send email from a pc on your network? If not what is the error?
2. Can you receive email at any pc on your network? If not what is th error?
3. What do you mean by "outside of the network"?
4. What are you using to send/receive emails (Outlook)?
5. Do you have your own internal mail server, or are you using your ISP directly?
6. Do you have SPF records set up?
7. If you check the email client on a pc, where is it pointing to send email? The sonciwall?
8. Is DNS working ok?
0
 
BriPCAuthor Commented:
1. yes, emails can send to another person within the network and can be received from within the network only
2. There is 1 pc that is connected wireless and he has full email access internal and external.
3. Anyone not on the domain, They cannot send/receive to me gmail account, not in office.
4. Outlook
5. Yes, exchange server, I looked at the firewall rules, there are 2, one in WAN and one in WLAN, both set to allow without any exclusions
6. Don't know what that is
7. no, the mail server.
8. I don't know what it should be set to, I left all set to default configuration and it auto-filled
 
All was working prior to changing the port yesterday to DHCP, wireless connection works... this is my reasoning for thinking it is related to the port.
0
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
BriPCAuthor Commented:
email-error.png
0
 
carlmdCommented:
Can you check the send connector on the Exchange server and see where it is pointing. It should be the Sonicwall.

If you check the rules for the mail server on the Sonciwall are they pointing to the correct places, specifically the outgoing side (WAN ip).

I would try using telnet to send an email from one of your pc's (not the wireless one). This will tell us if it is somehting to do with the Exchange Server or the firewall. Here is how you do it just in case you are not familiar.

http://www.spamsoap.com/how-to-manually-send-an-email-message-via-telnet-to-port-25/
0
 
BriPCAuthor Commented:
telnet errors
checking exchange server next
0
 
BriPCAuthor Commented:
not sure if i'm looking in the right place, but under send connectors, it shows the domain and in the properties>network=use DNS "MX" Records to route mail  is selected. The server network IPv4 properties all point to the sonicwall and show the right DNS
Send-connectors.png
0
 
BriPCAuthor Commented:
firewall-rules.png
0
 
carlmdCommented:
I cannot telnet to haystacksinc.com on port 25 so I am guessing this is your internal mail server and not in the outside world. The test is to telnet to a mail server in the outside world, to insure you get through the firewall. It should go something like this...

# telnet gmail-smtp-in.l.google.com 25
Trying...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP r1si2024816qat.105 - gsmtp
helo haystacksinc
250 mx.google.com at your service

This will tell us where to look next if it does or does not work.
0
 
BriPCAuthor Commented:
that is the internal server,
where do i find the address to telnet from the outside world?
0
 
carlmdCommented:
I want you to telnet FROM a pc on your lan TO a mail server in the outside world, not on your lan.

Open a command prompt and repeat what I typed in my last post.
0
 
BriPCAuthor Commented:
sorry, i understand now..

could not open connection to the host on port 25: connect failed
0
 
carlmdCommented:
Ok, then it proves we have a firewall issue. I suggest you recreate the rules for the mail server using the Sonciwall wizard. On the first admin page in the upper right corner click the wizard button. Then select a public server and a mail server. Answer the questions and see if when done it solves the problem.
0
 
BriPCAuthor Commented:
I created is leaving the public server as default below, however no luck. do i need to change the public server? it says to leave it if unsure... Here is a screenshot... I think this may be incorrect but i don't know what to change it to. the telnet came back with the same response...
public-server.png
0
 
BriPCAuthor Commented:
I did one with my public ip also and it gave me the confirmation of the 192 ip address of the last entry.. why would it do that? still same error with telnet..
-Are there maybe conflicting firewall rules? should i delete the exchange ones and start over or restore defaults?
Here is the confirmation after creating the public ip which started with
server-1-rule.png
0
 
carlmdCommented:
The public server address should be the WAN ip of the Sonicwall.

Just to verify, the server type you picked was "mail server", correct?

Since the wan port appears to be bound to the non routable LAN address, you should go ahead and delete the entries for the Exchange Server that were created previously.

When you are creating the new public server with the wizard, the last step before you say OK to do it provides you a list of the new rules it is going to make. Use that list to look for what to delete for the Exchange Server.
0
 
BriPCAuthor Commented:
-The WAN Ip is the 192.168.... so it created the correct one then

deleted the address objects, service objects and the NAT policies associated with them to be able to recreate,
(also deleted the previous rules i tried to create first..)

Recreated, yes, I used "Mail Server".. still unable to telnet, connect failed..

There are 3 different 'deny' rules, I unchecked them and still nothing, rechecking them.. other than those, everything seems to be default entries..

access-rules.png
what i received in my email from a test message , the ip address is different than the one that whatismyip.com gives.. it is 63.155.124.55    .. don't know if this matters, just noticed is all...

what i received in my email from a test message
0
 
carlmdCommented:
What you say is the WAN ip, is a non routable address (192.168.x.x). This can't be your wan ip unless you are using the ISP router to NAT to the outside world.

What do you have the LAN and WAN ip addresses set to on the Sonicwall? If they are both non routable telling me here won't matter, as they are not accessible in the outside world.
0
 
BriPCAuthor Commented:
That's what I thought, just don't know enough to justify my thinking... Don't know the ip to set it to to access outside world..

-10.0.113.1 LAN   -192.168.0.24  WAN
interfaces-wan-ip.png
0
 
BriPCAuthor Commented:
after setting to DHCP, the 192 address is what was assigned...
0
 
carlmdCommented:
Ok, back to basics. Unless you are sure already, find out from your ISP if you have a fixed ip address for your service or if it is strictly DHCP. Ask them if they can tell you what the wan and lan ip addresses are set to on their router.

If I do an nslookup on

Non-authoritative answer:
Name:    haystacksinc.com
Address:  65.113.11.113

I get that ip. What and where is this ip? Are you also hosting mail somewhere and that is what it is?
0
 
BriPCAuthor Commented:
That is the IP address that was the static ip set prior to setting it to DHCP..  It was the old configuration to the old ISP that they had.. Maybe we should go back to static? my email rejection that i received shows that ip address too..  except with static, the rest of the network didn't have internet...

http://www.experts-exchange.com/Networking/Network_Management/Q_28573358.html   It is here in this link that shows the old ip from my previous post...

The Network goes as follows all in the same room..  Centurylink router>Sonicwall>Netgear Switch>LAN and servers (including exchange server where we host mail)

I can't log into the centurylink router today, they wrote down the wrong password, will have to wait until tomorrow for any info inside of there and calling centurylink they don't have anyone in today...
0
 
BriPCAuthor Commented:
Thank you for your help and patience by the way, I know a little about a lot, not a lot about a little and unfortunately, firewalls are on the very small side of knowing anything about.. :/
0
 
carlmdCommented:
Ok, then the problem is that you are still using the old ISP connection if it shows that ip when you ask what your ip is. Do you go to this site? If so, the fastest way to get this to work is to discconnect the old ISP (unplug the cable), connect the new one and try it again.
0
 
BriPCAuthor Commented:
I did switch the cables when we switched it to dhcp... the new one is the 63.155.124.55.  thats what whatismyip.com says
0
 
BriPCAuthor Commented:
The 65.113 address is still active but not plugged into anything
0
 
carlmdCommented:
Ok, I can ping 63.155.124.55. So that should be the wan ip address of the Sonciwall, unless you are using the ISP router to NAT it to something else. Be sure the new router is connected and the old is disconnected.
0
 
BriPCAuthor Commented:
centurylink was dynamic, setting to static. new address is: 209.181.16.27

-centurylink opened port 25 on their end, was filtered

-Let's go back to the X1 port on the sonicwall, and try a static ip maybe? that way we can get rid of the 192.168 address? I'm going to go ahead and try it with the info that i have now. just don't know what to set the gateway to, .254 or .1?  

centurylink-ip-connection.png
0
 
BriPCAuthor Commented:
lol, your comment came through after i posted mine...  I'm glad I was thinking in the right direction :)  I will try .254 for the gateway, that is what they had last time...
0
 
BriPCAuthor Commented:
doesn't work with either .1 or .254 , all internet goes down once i set to static.
to verify, i should be matching the ipv4 address and the DNS addresses, correct? the default gateway, i have tried ending with .1, .254 and matching the ip. none of those have worked... :(
0
 
BriPCAuthor Commented:
one other question, should i disable the centurylink modem from assigning ip addresses or is it ok?
0
 
BriPCAuthor Commented:
centurylink had me bridge their modem and set WAN X1 to PPPoE
0
 
BriPCAuthor Commented:
still not working, recreated rules, not going through...
0
 
BriPCAuthor Commented:
and... on the line with dell,
she can get email to go through command prompt... nothing else
0
 
BriPCAuthor Commented:
just called them :) I shouldn't have to change anything in the server, right?
Lord, I hope that is the end of it....
0
 
BriPCAuthor Commented:
Thank you ! the MS record now points and emails are coming through :) Can't thank you enough for all of your help the last few days!
0
 
carlmdCommented:
Glad that its now working for you!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.