In location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
Value for IpEnableRouter should be set to 1 (not zero)
Andy
At 08:35 AM 10/25/01, Firewall-1 (Joe Voisin) wrote:
How are you handling your mail? Does your mail server have its own external IP address? (I have about 6 addresses I can use. I assigned one just to the mail server.)
Make sure that you ARP the IP address onto the Ethernet adapter. In Windows it's probably just adding it in the network config. For me, on AIX, I had to use the ARP command to add it. Because the firewall itself has to respond to the IP address, it has to know that it is supposed to do so.
Access Rules:
ANY MAIL_EXT SMTP ACCEPT
MAIL_INT ANY SMTP ACCEPT
NAT Rules:
INT_NET INT_NET ANY ORIGINAL ORIGINAL ORIGINAL
!INT_NET MAIL_EXT SMTP ORIGINAL MAIL_INT ORIGINAL
MAIL_INT ANY SMTP ORIGINAL MAIL_EXT ORIGINAL
Oh yeah, something that bit me in the butt. If you use your Firewall IP address as the address for your mail server, make sure that you put the SMTP accept rule above the firewall stealth rule. Ya know, the "ANY FIREWALL DROP ALERT" rule.
I don't know if any of this is even your problem, but I like to at least try and help. :)
Joe
======================================================================
Joseph Voisin, Systems and Network Administrator, Engel Canada Inc.
www.engelmachinery.com | [EMAIL PROTECTED] | (519)836-0220 x436
======================================================================
-----Original Message-----
From: Hanke, Eric [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 24, 2001 5:12 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] Migration Headache
Hello list:
Tried a migration (fresh install) of FW-1 4.1 last night on a Windows 2000 SP 2 Compaq Proliant 1600. Thought the install went well until my users were not able to receive any e-mail; sending e-mail was OK.
Here is a quick Config rundown:
Checkpoint FW-1 4.1 SP5 on Enforcement Module (Windows 2000 SVR SP2)
Checkpoint FW-1 on the GUI Client and Management Module (Windows 2000 SVR SP2)
This was a fresh install. I opted to manage my routes manually; I already had a text printout of the routes from my NT 4.0 Firewall-1 (4.0).
Basically the first few rules look as such:
Firewall -----> Management Accept
Management -----> Firewall Accept
ANY -----> SMTP_SVR(NAT'ed) Accept
SMTP_SVR(NAT'ed) -----> Outside_world Accept
I also had the necessary DNS rules installed so the Mail server could do a DNS lookup. The strange thing is that on the Log you could see the Firewall pass the request from the public IP of the SMTP server to the NAT'ed address but the SMTP server never received the e-mail.
I think this is a routing problem; I am new to routing with Windows 2000. Any ideas or a thought on what to look at next is greatly appreciated.
Eric
Eric M Hanke
Senior Network Engineer
Tempel Steel Company
Magnetic Steel Laminations for the Electronic and Electrical Industries
Phone (773) 250-8056
Andy Druda
Network & Communications Manager
Wagner College
Staten Island, New York 10301
1 718 390 3204
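
Added example (not part of the original thread, and not Check Point code): a small first-match model of the access rules Joe lists, showing why the SMTP accept rule has to sit above the stealth rule when the mail server is published on the firewall's own address, plus a check that flags rules shadowed by an earlier one. The object names come from the thread; the IP addresses, the service field on the stealth rule and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed addresses (documentation/private ranges); object names are from the thread.
OBJECTS = {
    "ANY": "0.0.0.0/0",
    "FIREWALL": "203.0.113.1/32",
    "MAIL_EXT": "203.0.113.1/32",  # mail published on the firewall's own address
    "MAIL_INT": "10.0.0.25/32",
}

def net(name):
    return ipaddress.ip_network(OBJECTS[name])

def covers(outer, inner):
    """True if object `outer` contains every address of object `inner`."""
    return net(inner).subnet_of(net(outer))

def svc_covers(outer, inner):
    return outer == "ANY" or outer == inner

def decide(rules, src_ip, dst_ip, service):
    """Return (rule number, action) of the first matching rule; implicit drop otherwise."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, (r_src, r_dst, r_svc, action) in enumerate(rules, 1):
        if src in net(r_src) and dst in net(r_dst) and svc_covers(r_svc, service):
            return n, action
    return None, "DROP"

def shadowed(rules):
    """List (later, earlier) rule numbers where the earlier rule matches everything the later one does."""
    hits = []
    for j, (s2, d2, v2, _) in enumerate(rules):
        for i, (s1, d1, v1, _) in enumerate(rules[:j]):
            if covers(s1, s2) and covers(d1, d2) and svc_covers(v1, v2):
                hits.append((j + 1, i + 1))
                break
    return hits

# Rules as (source, destination, service, action); the stealth rule's service is assumed to be ANY.
STEALTH = ("ANY", "FIREWALL", "ANY", "DROP")
SMTP_IN = ("ANY", "MAIL_EXT", "SMTP", "ACCEPT")
SMTP_OUT = ("MAIL_INT", "ANY", "SMTP", "ACCEPT")

STEALTH_FIRST = [STEALTH, SMTP_IN, SMTP_OUT]  # inbound mail never reaches rule 2
SMTP_FIRST = [SMTP_IN, SMTP_OUT, STEALTH]     # the ordering Joe recommends
```

Running shadowed() over an exported rule base before installing the policy catches this kind of ordering mistake without waiting for mail to stop arriving.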
