Are your internal addresses routable? Even though you are using NAT, if the
internal addresses are from the private ranges, SMTP no workie workie with
FW-1 NAT (even though it seems like it should). In a previous incarnation,
I had NAT for my 10.x internal ranges and it Would Not Work (getting
inexplicable results like those you describe). When the box was put in the
DMZ and given a valid public IP address, NAT worked with SMTP.
Andrew
Jen wrote:
Okay, I've setup NAT lots and lots of times, but this problem is
driving
me crazy. I setup an SMTP server on an NT workstation for testing
purposes. I setup address translation on the FW for that machine.
However, when I try to telnet to port 25 from the outside world,
nothing
happens. I look in the firewall logs, and it says it accepted the
connection. Furthermore, when I telnet out from the workstation in
question, the source address is the valid (translated) address. So
translation seems to be working, at least outgoing.
As a test, I pointed the valid address to another internal IP.
After I
did that, I could telnet to port 25 just fine from the outside
world. I
switch it back, and nada. The problem might be the workstation,
except
... when I telnet to port 25 from the internal network, it works
just
fine.
Any ideas?
Jen
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
