Re: [FW1] Advanced Misuse Configuration Guide :-)

Wed, 31 May 2000 13:09:53 -0700 


Did you publish the arp for the new IP and setup an external translation
rule?

Carric Dooley
Network Security Consultant

"I have often regretted my speech, never my silence."
- Xenocrates (396-314 B.C.)



----- Original Message -----
From: "Joerg Oertel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 31, 2000 8:20 AM
Subject: [FW1] Advanced Misuse Configuration Guide :-)


>
> Howdy,
>
> it's me again with another strange question. I hope this one is
> challenging enough to provoke some answers.
>
> Imagine a bunch of users somewhere on the internet, accessing a
> POP/SMTP server. This SMTP server (POP isn't interesting here) has a
> legal IP address and is located in the great wide open. Now the owner
> of the server wants to put it behind a firewall, FW-1 4.0. All
> services on the server (POP, FTP and HTTP) should stay on that
> machine. Only SMTP traffic has to be redirected to another SMTP
> server, also in the great wide open, but with working anti-relaying
> rules. This transition has to be absolutely transparent for the users.
>
> My first thought was to use NAT rules for this. I created a NAT rule:
>
> any   smtpserver   smtp      =original  newsmtpserver  =original
>
> This leads to the result that telnetting port 25 to the SMTP server
> times out. Before the installation of this rule it was no problem to
> reach the SMTP port of the SMTP server. So, it seems that FW-1 indeed
> recognizes the SMTP traffic and is doing some sort of NAT. But I can't
> reach the new SMTP server. I even don't see any traffic leaving the
> firewall's interface. What is going wrong here?
>
> Any comments are appreciated.
>
> Er, no, not any. Comments stating that this is not the intended use of
> FW-1 should be directed to /dev/null :-)
>
> Ciao, Joerg
>
>
>
>
> // pallas  GmbH  ............  Joerg Oertel  ...........
>    Hermuelheimer Str. 10       System engineer
>    D-50321 Bruehl, Germany     [EMAIL PROTECTED]
>                                phone  +49-(0)2232-1896-0
>    http://www.pallas.de        fax   +49-(0)2232-1896-29
> ........................................................
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to