Since you are port forwarding, the forward chain does not enter into it. Since fairq has no port-25 rules, the packets should drop back to output and be included in what its final rule ACCEPTs.20 800 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 25
Assuming this is the right IP address for the Exchange server, the port-forwarding part looks OK
So ... it's not a firewall problem in the narrow sense; that is, it is not the firewalling part of the Dachstein setup that's causing the problem, though there may still be a problem with the Dachstein router/firewall in a less specific sense. But since forwarding to the Web server works, we can assume no Dachstein problems at the link layer or with the routing table.TCP 216.70.236.236 192.168.1.4 25 25 8 10
But with all of that, I cannot connect (using telnet) to your mail server from here (though I can ping you and connect to the Web server).
So ... how thoroughly have you checked the Exchange server for configuration problems? Is the Dachstein router its default gateway (and not the proxy server at 216.70.236.235)? Does Exchange do any authentication (such as auth) of a sort that might work with the proxy server but not an ordnary port-forwarding router? I hesitate to go down this road very far, since I suspect you know more about Windows sysadmin issues than I do, but I would encourage you to spend some time thinking about possible problems with Exchange or the server it runs on.
Is the Dachstein router replacing a prior router of some sort? Or is this a new connection (that is, did everything previously use the proxy server at 216.70.236.235)?
At 02:32 PM 2/10/03 -0800, Doug Sampson wrote:
[detailed diagnostics and discussion deleted] For almost 2 years, we've used TelePacific, a telecommunications provider with full ISP functions. We currently use a fractional T-1 link. We've never had a problem with them when it comes to providing full ISP functionality.I'm thinking there *has* to be a misconfiguration of the firewall. The question is where do I go from here? All I have on the firewall is dnscache, tinydns, weblet, and sshd besides the usual Dachstein files.
-- -------------------------------------------"Never tell me the odds!"-------- Ray Olszewski -- Han Solo Palo Alto, California, USA [EMAIL PROTECTED] ------------------------------------------------------------------------------- ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
