[isalist] Re: SMTP - internal to localhost issue..

  • From: "Paul T. Laudenslager" <paul@xxxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 3 Dec 2009 18:04:51 -0500

They are... In fact, I typically do all of the rules that way.. they shouldn't 
be?

..  <waiting for your awesome enlightenment>

Your friend in Virginia,
Paul Laudenslager

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Jim Harrison [Jim@xxxxxxxxxxxx]
Sent: Thursday, December 03, 2009 5:10 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SMTP - internal to localhost issue..

Bet #1: the publishing rules are configured as "requests appear to come from 
the original client"

..who wants to take it from there?
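An added example written for this archive page, not code from the list thread or from ISA Server itself: a small Python model of the hairpin connection Jim's bet points at, an internal client talking to the published public address of a server on its own subnet. The addresses are constructed to match the ones Paul quotes and are assumed lab values; the model assumes the client's default gateway is the firewall's internal NIC (the SNAT-client setup Thor describes) and that hosts on one subnet deliver to each other directly. The mode labels `ORIGINAL_CLIENT` and `FIREWALL_SOURCE` are this example's own names for the two publishing-rule source-address settings.

```python
"""Model of an internal client connecting to a *published* public address
(a hairpin through the publishing firewall), comparing the two source-address
settings of a publishing rule.  Constructed lab addresses, not real hosts."""
from dataclasses import dataclass

# Constructed addresses patterned on the thread (assumptions, not real hosts).
CLIENT = "172.16.88.35"             # internal SMTP box doing the telnet
SERVER_PRIVATE = "172.16.88.40"     # published SMTP server, private address
FIREWALL_INTERNAL = "172.16.88.1"   # firewall's internal NIC, default gateway for both
PUBLISHED_PUBLIC = "74.220.152.40"  # public address the server is published on
INTERNAL_SUBNET = "172.16.88."      # both hosts and the firewall sit on this /24

ORIGINAL_CLIENT = "original_client"  # "requests appear to come from the original client"
FIREWALL_SOURCE = "isa_server"       # "requests appear to come from the ISA Server"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def firewall_forward(pkt: Packet, mode: str) -> Packet:
    """Publishing rule on the inbound SYN: rewrite the public destination to the
    server's private address; optionally also rewrite the source to the firewall."""
    if pkt.dst != PUBLISHED_PUBLIC:
        raise ValueError(f"no publishing rule for {pkt.dst}")
    if mode not in (ORIGINAL_CLIENT, FIREWALL_SOURCE):
        raise ValueError(f"unknown source-address mode {mode!r}")
    src = pkt.src if mode == ORIGINAL_CLIENT else FIREWALL_INTERNAL
    return Packet(src=src, dst=SERVER_PRIVATE)


def server_reply(pkt: Packet) -> Packet:
    """The server answers whatever source address it saw on the SYN."""
    return Packet(src=pkt.dst, dst=pkt.src)


def next_hop(pkt: Packet) -> str:
    """On-subnet destinations are delivered directly (ARP); anything else goes
    to the default gateway, which is the firewall."""
    return pkt.dst if pkt.dst.startswith(INTERNAL_SUBNET) else FIREWALL_INTERNAL


def firewall_reverse(original_syn: Packet) -> Packet:
    """Undo both translations on a reply that came back through the firewall."""
    return Packet(src=PUBLISHED_PUBLIC, dst=original_syn.src)


def hairpin(mode: str) -> dict:
    """Trace one SYN / SYN-ACK exchange and report what each side sees."""
    syn = Packet(src=CLIENT, dst=PUBLISHED_PUBLIC)
    # The public address is off-subnet, so the client's SYN reaches the firewall.
    assert next_hop(syn) == FIREWALL_INTERNAL
    translated = firewall_forward(syn, mode)
    reply = server_reply(translated)
    hop = next_hop(reply)
    if hop == FIREWALL_INTERNAL:
        delivered = firewall_reverse(syn)
    else:
        # The reply goes straight to the client from the server's private
        # address, bypassing the firewall and its translation state entirely.
        delivered = reply
    return {
        "server_sees_client_as": translated.src,
        "reply_path": "via firewall" if hop == FIREWALL_INTERNAL else "direct to client",
        "client_sees_reply_from": delivered.src,
        # The client only accepts a SYN-ACK from the address it sent the SYN to.
        "handshake_completes": delivered.src == syn.dst and delivered.dst == syn.src,
    }


if __name__ == "__main__":
    for mode in (ORIGINAL_CLIENT, FIREWALL_SOURCE):
        print(mode, hairpin(mode))
```

With the source left as the original client, the server's SYN-ACK is addressed to a host on its own subnet and never returns through the firewall, so the client sees an answer from the private address instead of the public one and the handshake fails. Rewriting the source to the firewall makes the hairpin work, but every published connection then reaches the mail server with the firewall's address as its source, so anything keyed on the client IP on the server (connection logs, relay restrictions) loses that information and the firewall log becomes the only place that still records the real source.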

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Paul T. Laudenslager [paul@xxxxxxxxxxxxxxxx]
Sent: Wednesday, December 02, 2009 8:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SMTP - internal to localhost issue..

Hi Thor!

You are too damn funny!

Brief History: I just moved most of my equipment into a rack in AOL’s old 
datacenter up in Northern VA.  I’ve been spoiled by having all of my equipment 
in my house with multiple T’s.  Of course, I really won’t mind saving $500/m on 
my electric bill!  <big cheesy grin>

I built a new ISA box that I put behind a Cisco firewall.  All of the internal 
servers use a private IP address range (172.16.x.x) that point to the IP on the 
internal ISA nic (172.16.88.1).  All of the public IP’s (two class C’s) are 
assigned to the outside ISA nic.

From the outside, I can telnet to the public IP’s smtp port just fine 
(publishing works great).   I can telnet to port 25 from one private IP to 
another just fine.  I can also telnet from a private IP to an outside smtp port 
on the Internet just fine.  I just can’t telnet to one of my “public” ips on 
the firewall and have it go back internally to the private network.

This part is embarrassing… I know how to go to Monitoring/Logging and create 
the queries I’m looking for… -= Please don’t laugh here =- …but I’ve never been 
into the firewall logs.  In fact, I’m not even sure where they are located.  
I’ve always done my troubleshooting from the logging page.

Here’s what the logging page is showing me…  (I’m telnetting from the 
172.16.88.35 box to the 74.220.152.40 public ip).  The 74.220.88.40 is the 
public ip for the published 172.16.88.40 server.

[inline image omitted from the archive: screenshot of the ISA logging page]

I can telnet to ANYWHERE from the .35 box EXCEPT to my published, public IPs.

Something I learned here on the list was to create an “Open All” rule (for 
troubleshooting purposes) which allows all ports on all networks.  Even with 
this rule enabled, I still receive a Denied connection.

<head hanging down to you great almightys>  Where do I go to view the logs?

Your friend,
Paul

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thor (Hammer of God)
Sent: Wednesday, December 02, 2009 7:47 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SMTP - internal to localhost issue..

Don’t listen to Steve.  He’s on crack.   I’m assuming your servers are SNAT 
clients (int ISA nic is their default gateway) since you are publishing…  you 
should be able to telnet to 25 on your server’s external published address just 
fine as long as your rules allow that.   I just telnet’ed from my Exchange box 
itself to its externally published address and it worked just fine.   What do 
your ISA logs say?

t

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Paul T. Laudenslager
Sent: Wednesday, December 02, 2009 4:33 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SMTP - internal to localhost issue..

Okay... Hmm...

Let's say I have a bunch of customers on ServerA and a different bunch on 
ServerB.

If customers on ServerA send customers on ServerB an email, the ServerA server 
resolves the IP address to the "external" or "public" IP, not the 
internal/local IP.

I don't want to have to maintain an entire DNS to resolve hundreds of 
domain names internally.  I thought I had this configuration working several 
times before... maybe I'm wrong.

One way that does work is to implement a mail relay server outside the 
firewall.  However, that means all internal smtp traffic from one mail server 
to another has to go outside the firewall.

There just seems something wrong with that.

Me wanna worky! :)
-paul
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Steve Moffat [Steve@xxxxxxxxxx]
Sent: Wednesday, December 02, 2009 7:14 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SMTP - internal to localhost issue..

Don’t try to do that through ISA…no worky….

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Paul T. Laudenslager
Sent: Wednesday, December 02, 2009 8:11 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] SMTP - internal to localhost issue..

Okay, I'm missing something simple here but have yet to figure it out.

1.  I published (2) internal SMTP boxes to outside "live" IP addresses.  I can 
access these internal servers on port 25 just fine on their 'public' ips.

2.  I can telnet to the SMTP port of each other's private IP address.  (i.e. 
172.16.x.x to 172.16.x.x)

Problem
======

When I try and telnet from one SMTP server to the published "public" IP of the 
other SMTP server, the connection is denied.

I've created a rule to allow internal network to localhost network for port 25 
but it is still failing.

Any suggestions on what to look for next?

Thanks in advance for your kind suggestions! :)

-paul

________________________________
This email is confidential and should only be read by the intended recipient.