Howdy,
it's me again with another strange question. I hope this one is
challenging enough to provoke some answers.
Imagine a bunch of users somewhere on the internet, accessing a
POP/SMTP server. This SMTP server (POP isn't interesting here) has a
legal IP address and is located in the great wide open. Now the owner
of the server wants to put it behind a firewall, FW-1 4.0. All
services on the server (POP, FTP and HTTP) should stay on that
machine. Only SMTP traffic has to be redirected to another SMTP
server, also in the great wide open, but with working anti-relaying
rules. This transition has to be absolutely transparent for the users.
My first thought was to use NAT rules for this. I created a NAT rule:

    any smtpserver smtp =original newsmtpserver =original

This leads to the result that telnetting port 25 to the SMTP server
times out. Before the installation of this rule it was no problem to
reach the SMTP port of the SMTP server. So, it seems that FW-1 indeed
recognizes the SMTP traffic and is doing some sort of NAT. But I can't
reach the new SMTP server. I don't even see any traffic leaving the
firewall's interface. What is going wrong here?
Any comments are appreciated.
Er, no, not any. Comments stating that this is not the intended use of
FW-1 should be directed to /dev/null :-)
Ciao, Joerg
// pallas GmbH ............ Joerg Oertel ...........
Hermuelheimer Str. 10 System engineer
D-50321 Bruehl, Germany [EMAIL PROTECTED]
phone +49-(0)2232-1896-0
http://www.pallas.de fax +49-(0)2232-1896-29
........................................................