johnroeser_nfs
asked on
Sonicwall pro 4060
I have a Barracuda Spam Virus firewall 200 that is accepting mail for my domain. This is working properly with ZERO problems. It is in front of my Sonicwall Pro 4060. I want to pass my email from the Barracuda to the Sonicwall. I set the Barracuda's destination mail server to xxx.xxx.xxx.111 (this is my external IP address of the Sonicwall Pro 4060).
I then use the wizard to allow Mail (SMTP through TCP port 25 and 110) and it creates the NAT and rules that I need. When I try to send a test connection from the Barracuda it gets rejected. The log files on the Sonicwall just say the request is being dropped..... I have had this setup correctly before so I know it works. ANY HELP is appreciated! I need to get this running!
what interface do you have your barracuda connected to on the sonicwall? any log files from the barracuda as to why it's dropping the connection?
We have this setup a bit differently. The Barracuda is on our LAN behind the Sonicwall, with a NAT on the Sonicwall that delivers the incoming mail to it. (You can set that up with the wizard.) The output from the Barracuda is then delivered to our post office system, also on the internal LAN. We have multiple sources for incoming email, so we use both the X1 and X2 interfaces on the Sonicwall for incoming mail that is then sent to the Barracuda.
I just read your question again and have an additional comment. One problem with your setup is that I could send email to your site by using the external address of the Sonicwall, bypassing the Barracuda and all its checking. I suspect it would not be hard to find the Sonicwall external address using either a lookup for a web server for your domain, MX records (also in email you send), or whois, depending upon whether or not that is private. If you want to leave the setup as is, you could try the following: "telnet xxx.xxx.xxx.111 25". If you get an SMTP response you have the Sonicwall configured correctly and the Barracuda is the issue. If not, my guess would be that you are not pointing to your post office system on your LAN. Check the IP address of where you told the Sonicwall wizard to forward the incoming mail.
ASKER
carlmd: I have changed my setup to mirror yours. My Barracuda is now on my LAN and the Sonicwall is out in front. The connection from my Barracuda to my Exchange server is working well (queued mail was delivered this morning) so I know that setup is OK.
The problem I am still having is with the Sonicwall. I blanked it out and started from factory default just to make sure nothing else was interfering with it. I run the wizard for the public mail server and it creates everything I need. If I then go to DNSSTUFF.com and run a report (see attached) it still shows port 25 as being down.
I can't figure out what is wrong with this setup. Everything should be working..... Any suggestions on places to look?
mail-info2.jpg
When you ran the wizard did you use the default WAN ip address of the Sonicwall or assign a new one?
From somewhere other than on your internal LAN can you telnet to the WAN IP address (or what you used if different) of the Sonicwall using port 25, ex: telnet xxx.xxx.xxx.111 25? What do you get in response to this? You should see something like:
Connected to xxx.xxx.xxx.111.
Escape character is '^]'.
220 yourdomain.com ESMTP Sendmail AIX4.3/8.9.3p2/8.9.3; Thu, 17 Jun 2010 10:09:47 -0400
Please post any error message that you get.
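The outside-in port 25 check described in this reply, scripted so that a refused connection, a silent drop and a real SMTP greeting can be told apart. This is an added example, not part of the original thread; `probe_smtp`, the loopback listener and the `mail.example.test` banner are constructed for illustration.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Scripted `telnet host 25`: return (status, detail).

    smtp    - connected and got a 220 greeting (forwarding works end to end)
    other   - connected, but the first line was not a 220 greeting
    silent  - connected, nothing received before the timeout
    refused - connection actively reset (nothing listening, or a reject rule)
    timeout - no reply at all (packets dropped, or the NAT target is unreachable)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except (socket.timeout, TimeoutError) as exc:
        return "timeout", str(exc)
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            data = sock.recv(512)  # the connect timeout also applies to recv
        except (socket.timeout, TimeoutError):
            return "silent", ""
    lines = data.decode("ascii", "replace").splitlines()
    first = lines[0] if lines else ""
    return ("smtp" if first.startswith("220") else "other"), first

def fake_server(banner):
    """Loopback listener that sends one constructed banner; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed banner on loopback so the demo runs offline; to test a real
    # gateway, call probe_smtp() with its WAN address from outside the LAN.
    port = fake_server(b"220 mail.example.test ESMTP\r\n")
    print(probe_smtp("127.0.0.1", port, timeout=2))
```

Run from outside the LAN, a `timeout` result points at the firewall or NAT rule, while `refused`, `silent` or `other` means packets are being forwarded and the next place to look is the mail filter behind it.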
ASKER
No, I took the default address of the Sonicwall. When telnetting to the device on port 25 I get the following error:
Conneting To xxx.xxx.xxx.111......Could not open connection to the host, on port 25: connect failed
double check your firewall rules WAN > LAN and make sure the services configured and source destination are correct AND that it's configured to allow. Also, double check the NAT rules as well. I just have to believe the firewall or NAT rules aren't configured properly.
ASKER
My WAN > LAN has ANY source destination WAN PRIMARY IP with Barracuda Services (Ports 25 and 110) and it's set to allow.
All the NAT services are setup correctly as well and all are enabled. I just verified them.
oops...took too long to type up...thanks for the screen shot. create an address object for the public ip as a host and change the nat to use it rather than firewalled subnets. just to troubleshoot.
Disregard my comment here, http:#a33012964. I just told you to modify your loopback. sigh...your rules look right. unless, carl sees something i don't.
When you set this up using the Wizard, did you use the "Public Server Wizard", and then for server type "Mail Server"?
ASKER
Yep sure did!
Ok, then let's get more basic. On the Sonicwall System>Diagnostics>Diagnostic Tools select ping and ping the Barracuda IP address. Assuming that works, then telnet to the Barracuda on port 25 from your LAN. You should see something like ....
Connected to x.x.x.x.
Escape character is '^]'.
220 Barracuda.domain.com ESMTP (562cea4734851976671da692a0afbc74)
Do you get this?
ASKER
Yep, I did get the telnet connection from the LAN to the Barracuda. I can ping the Barracuda from the Sonicwall as well. I can also ping Google from the Sonicwall too so I know it sees the outside world as well.
so, if we assume that communication is happening between the WAN > LAN of the sonicwall, is there something on the barracuda that needs to be configured?
ASKER
Not that I can see. Actually other than changing the IP address, the Barracuda has not changed and it was working just fine before.
Can you post the Sonicwall logs for the failed attempt to telnet from the outside world to the WAN interface port 25?
ASKER
It actually was a problem with the Barracuda, but I found it by going back through all the suggestions that both of you had. Thanks for all the help!
Great! You should post what the configuration was that caused the issue so others who have the same issue can find your solution.
Thanks for the points!