Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[gree0115]

Dear All,

I am new to the DLink NetDefend firewalls and wondered if anyone could offer me a bit of assistance please.

I'm just in the process of swapping out a Multitech RF860 internet security appliance as this is going end of life due to an obsolete component. I'm installing a DFL-860.

I am having problems with SMTP configuration. I currently have an Exchange server which sits on the local LAN. With my Multitech box (which had an SMTP proxy service), I just had to point the Multitech box to the LAN address of my exchange server. The ISP delivered mail to the WAN address of the Multitech box and then via SMTP proxy the Multitech then passed it through to the Exchange server.

Since installing the DLink I can't receive incoming emails, outgoing are being delivered fine as these obviously go directly via Exchange through ports which are in the default set so are open by default.

I'd like to keep the Exchange server on the LAN as I've got a Citrix server on the DMZ and use address translation to map from the public to the private address. This was all done via DNAT and SNAT on my previous box. If anyone could point me in the right direction or needs any further information I'd be very grateful.


Thanks in advance.

David

[chechito]

You need 2 rules


A Sat rule pointing to the wan public ip address (core) redirecting incoming smtp protocol connections redirecting to internal ip of the server

And a allow rule equivalent to let the traffic pass

[gree0115]

Thanks Chechito,

I'll give that a try.

Cheers,

David

[chechito]

a sample of the rules

12      smtp_inb_sat      SAT      any      all-nets      core      etb_pppoe_ip      smtp_inb
13     smtp_inb_allow     Allow     any     all-nets     core     etb_pppoe_ip     smtp_inb

[gree0115]

I've put in the rules as per Chechito's previous post but am not seeing any emails reaching the Exchange server. I am now seeing traffic coming in which is being processed by the rule but it doesn't seem to be arriving at the Exchange Server.  Below are the latest set of logs with any port 25 traffic. The service is smtp-inbound so it is using the SMTP ALG Service. I've added *@jbrand.co.uk as recipient and whitelist on the SMTP ALG service, but still seeing no inbound smtp traffic arriving at the Exchange server.

2009-12-29
10:39:12   Info   CONN
600002   SMTP_INB_ALLOW   TCP   wan1
core   200.40.46.162
195.172.38.34   2178
25   conn_close
close
conn=close origsent=168 termsent=124

2009-12-29
10:38:42   Info   CONN
600002   SMTP_INB_ALLOW   TCP   wan1
core   189.106.101.89
195.172.38.34   4323
25   conn_close
close         
conn=close origsent=168 termsent=124

2009-12-29
10:38:00   Info   CONN
600002   SMTP_INB_ALLOW   TCP   wan1
core   212.135.6.130
195.172.38.34   53828
25   conn_close
close         
conn=close origsent=140 termsent=124

2009-12-29
10:37:52   Info   CONN
600002   SMTP_INB_ALLOW   TCP   core
lan   200.40.46.162
10.1.1.7   19653
25   conn_close
close         
conn=close origsent=124 termsent=124

2009-12-29
10:37:51   Info   ALG
200001      TCP   wan1
core   200.40.46.162
195.172.38.34   2178
25   alg_session_open         
algmod=smtp algsesid=507 origsent=88 termsent=44

2009-12-29
10:37:51   Info   CONN
600001   SMTP_INB_ALLOW   TCP   wan1
lan   200.40.46.162
195.172.38.34   2178
25   conn_open         
satdestrule=SMTP_INB_SAT conn=open

2009-12-29
10:37:48   Info   CONN
600002   SMTP_INB_ALLOW   TCP   wan1
core   216.82.254.35
195.172.38.34   28699
25   conn_close
close         
conn=close origsent=140 termsent=124

[gree0115]

Just to close this off. After playing around for a while the rule needed to be NAT rather than Allow. This has done the trick and is now working.

12      smtp_inb_sat      SAT      any      all-nets      core      etb_pppoe_ip      smtp_inb
13     smtp_inb_allow     NAT     any     all-nets     core     etb_pppoe_ip     smtp_inb

Cheers,

David