Hi,
I put up a rule that allows dns (tcp+udp), smtp and ftp. It looks like this:
---<snip>---
    :src (
        : Any
    )
    :dst (
        : mail-router
        : referens-computer
    )
    :services (
        : smtp
        : dns
        : ftp
    )
    :action (
        : (accept
            :type (accept)
            :macro (RECORD_CONN)
            :icon-name (icon-accept)
            :text-rid (61463)
            :windows-color (green)
        )
---<snip>---
This is what I do:
Firewall (10.2.1.1) ----->--to-->----- DNS/Mail-Router (10.2.1.10)
Firewall
======
---(shell command)---
[root@fw01 /root]# telnet 10.2.1.10 25
Trying 10.2.1.10...
telnet: connect to address 10.2.1.10: Connection refused
---(tcpdump output)---
10:05:20.330973 > 10.2.1.1.1126 > 10.2.1.10.smtp: S 2328932537:2328932537(0) win 32120 <mss 1460,sackOK,timestamp 5067718 0,nop,wscale 0> (DF) [tos 0x10]
10:05:20.331221 < 10.2.1.10.smtp > 10.2.1.1.1126: R 0:0(0) ack 2328932538 win 0 (DF) [tos 0x10]
---
---(fw log)---
There are no smtp entries in the firewall log!!!
Long log is set on all rules! DNS queries get into the log, but not smtp.
DNS/Mail-Router
=============
---(tcpdump output)---
10:05:19.850000 eth0 < 10.2.1.1.1126 > 10.2.1.10.smtp: S 2328932537:2328932537(0) win 32120 <mss 1460,sackOK,timestamp 5067718 0,nop,wscale 0> (DF) [tos 0x10]
10:05:19.850000 eth0 > 10.2.1.10.smtp > 10.2.1.1.1126: R 0:0(0) ack 2328932538 win 0 (DF) [tos 0x10]
I'm digging further into this problem right now, but any help is wanted.
Currently recompiling the kernel with less of the shit that RedHat includes in the
default configuration.
best regards.
//Claes Jansson - SWEDEN
At 07:57 2001-09-11 +0100, you wrote:
>Claes,
>
> Do the DNS queries and the FTP connections happen to the same system ?
>
> Do you use the same rule for FTP and for SMTP ?
>
> From what I read in the tcpdump output, you are NATting the address of
> the mail server, are you sure everything is correct in there ? Both
> incoming and outgoing ? It seems to me that the mail server sees the SYN
> packet but never answers to it. Just as a test, put a rule allowing smtp
> from the Firewall to the SMTP server, and try to telnet on port 25 from
> the Firewall to see what happens.
>
>Met vriendelijke groeten - Bien à vous - Kind regards
>
>Guy ROELANDTS
>EMEA GS Internet Expertise Centre - CCSA & CCSE
>Compaq Software Engineer - Belgium
>E-mail : [EMAIL PROTECTED]
>Tel: +32(02)729.77.44 (options 3 - 3 - 1)
>Fax: +32(02)729.77.65
>
>=====================================================================
>This message may contain confidential and/or proprietary information,
>and is intended only for the person/entity to whom it was originally
>addressed. The content of this message may contain private views and
>opinions which do not constitute a formal disclosure or commitment
>unless specifically stated. Should you receive this message by mistake
>please inform the sender immediately.
>=====================================================================
>
>
>
>-----Original Message-----
>From: Claes Jansson [mailto:[EMAIL PROTECTED]]
>Sent: Monday, September 10, 2001 7:47 PM
>To: [EMAIL PROTECTED]
>Subject: [FW1] SMTP: Connection Refused
>
>
>
>Hi,
>
>my very weird problem is as follows. I got a dns/mail-router host on the
>dmz (static nat). When I try to connect to the dns/mail-router on port 25
>with SendMail/Telnet whatever, I get Connection refused. The dns queries
>go through just fine, also ftp, and not by the default rule. The most
>weird thing is that if I change to a microsoft smtp-host it works :-(.
>
> From an "internet" computer I do this
>---
>[root@test /root]# telnet 62.x.x.a 25
>Trying 62.x.x.a...
>telnet: Unable to connect to remote host: Connection refused
>---
>
>The target computer gets this with tcpdump:
>---
>23:23:13.937159 eth0 < 62.x.x.b.4682 > 10.8.1.30.smtp: S 1288656180:1288656180(0) win 5840 <mss 1460,sackOK,timestamp 112960398 0,nop,wscale 0> (DF)
>23:23:13.937159 eth0 > 10.8.1.30.smtp > 62.x.x.b.4682: R 0:0(0) ack 1288656181 win 0 (DF)
>---
>
>
>The firewall says this:
>---
>19:23:59 accept fw01.nykoping.se >eth0 proto tcp src 62.x.x.b dst 62.x.x.a service smtp s_port 4682 len 60 rule 6 xlatesrc 62.x.x.b xlatedst 10.8.1.30 xlatesport 4682 xlatedport smtp
>---
>
>Internet-Computer: Linux 7.1 (2.4.x)
>Firewall: Linux 7.0 (2.2.19-7.0.8) CPfw 4.1-SP4
>(CPSUITE-EVAL-DES-V41)
>Target (smtp-host) Linux 7.1 (2.4.x) running SendMail
>
>
>Does anyone have any suggestions? I'm all out :-/ Running on this EVAL license
>because we're moving from one ISP to another.
>
>best regards.
>
> //Claes Jansson - Sweden
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
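The two captures in this thread carry the one fact that settles where the fault lies: the SYN is logged as accepted and translated by the firewall, it arrives on the target's eth0 with the translated address, and the RST that produces "Connection refused" is emitted by the target itself. A silently dropped SYN would look different (no reply at all), and an open port would answer SYN-ACK. The script below is an added example, not code posted by anyone in the thread: it parses tcpdump 3.x output in the line layout shown above and the FW-1 text log line layout shown above, classifies the fate of the connection attempt, and checks that the firewall's xlatedst/xlatedport agree with what the target saw. The sample input is the thread's own capture and log line, re-joined onto single lines; the anonymised `62.x.x.b`-style tokens are kept as plain strings, and the regular expressions are written for these two formats only (an assumption, not a general tcpdump or FW-1 parser).

```python
"""Classify a refused TCP connect from a tcpdump capture and a FW-1 text log line."""
import re
from dataclasses import dataclass

# Classic tcpdump 3.x layout, as in the thread:
#   <time> [iface] <dir> <src>.<sport> > <dst>.<dport>: <flags> <rest>
# Address and port are separated by the last dot, so greedy \S+ plus backtracking
# yields src="62.x.x.b", sport="4682" for "62.x.x.b.4682".
TCPDUMP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?:(?P<iface>\w+)\s+)?(?P<dir>[<>])\s+"
    r"(?P<src>\S+)\.(?P<sport>\w+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\w+):\s+"
    r"(?P<flags>[SRPF.]+)\s*(?P<rest>.*)$"
)


@dataclass
class Packet:
    src: str
    sport: str
    dst: str
    dport: str
    flags: str
    rest: str

    @property
    def is_syn_ack(self):
        # tcpdump 3.x prints a SYN-ACK as flags "S" followed by "... ack <n> ..."
        return "S" in self.flags and " ack " in f" {self.rest} "


def parse_tcpdump(text):
    """Return the Packet objects for every line that matches the 3.x layout."""
    pkts = []
    for line in text.strip().splitlines():
        m = TCPDUMP_RE.match(line.strip())
        if m:
            pkts.append(Packet(m["src"], m["sport"], m["dst"], m["dport"], m["flags"], m["rest"]))
    return pkts


def first_syn(pkts, dst, dport):
    """The client's initial SYN towards dst:dport (a SYN without ack)."""
    return next((p for p in pkts if p.dst == dst and p.dport == dport
                 and "S" in p.flags and not p.is_syn_ack), None)


def classify_connect(pkts, dst, dport):
    """Verdict for a connection attempt to dst:dport as seen at one capture point."""
    syn = first_syn(pkts, dst, dport)
    if syn is None:
        return "no_syn_seen"          # never reached this capture point
    reply = next((p for p in pkts if p.src == syn.dst and p.sport == syn.dport
                  and p.dst == syn.src and p.dport == syn.sport), None)
    if reply is None:
        return "silently_dropped"     # SYN arrived, nothing came back
    if "R" in reply.flags:
        return "refused_by_host"      # host itself rejects: no listener or host-side reject
    if reply.is_syn_ack:
        return "port_open"
    return "unexpected_reply"


def parse_fw1_log(line):
    """FW-1 text log: time action gateway dir+iface, then space-separated key/value pairs."""
    parts = line.split()
    rec = {"time": parts[0], "action": parts[1], "gateway": parts[2], "iface": parts[3]}
    rest = parts[4:]
    rec.update(zip(rest[0::2], rest[1::2]))
    return rec


def nat_consistent(fwrec, pkts, dport):
    """True when the accepted, translated destination in the log is what the target saw."""
    syn = next((p for p in pkts if p.dport == dport and "S" in p.flags and not p.is_syn_ack), None)
    return (fwrec["action"] == "accept" and syn is not None
            and fwrec.get("xlatedst") == syn.dst and fwrec.get("xlatedport") == syn.dport)


def explain(capture_text, fw_log_line, dst, dport):
    pkts = parse_tcpdump(capture_text)
    return classify_connect(pkts, dst, dport), nat_consistent(parse_fw1_log(fw_log_line), pkts, dport)


# Sample input: the target-side capture and firewall log line from the thread, re-joined.
TARGET_CAPTURE = """
23:23:13.937159 eth0 < 62.x.x.b.4682 > 10.8.1.30.smtp: S 1288656180:1288656180(0) win 5840 <mss 1460,sackOK,timestamp 112960398 0,nop,wscale 0> (DF)
23:23:13.937159 eth0 > 10.8.1.30.smtp > 62.x.x.b.4682: R 0:0(0) ack 1288656181 win 0 (DF)
"""
FW_LOG = ("19:23:59 accept fw01.nykoping.se >eth0 proto tcp src 62.x.x.b dst 62.x.x.a "
          "service smtp s_port 4682 len 60 rule 6 xlatesrc 62.x.x.b xlatedst 10.8.1.30 "
          "xlatesport 4682 xlatedport smtp")

if __name__ == "__main__":
    verdict, nat_ok = explain(TARGET_CAPTURE, FW_LOG, "10.8.1.30", "smtp")
    print(verdict, nat_ok)   # refused_by_host True: rule and NAT did their job, the host said no
```

The useful output is the pair: `refused_by_host` together with `nat_consistent == True` means the rulebase and the static NAT are not the place to keep looking; the host received the translated SYN on port 25 and answered it with its own RST, so the next check belongs on the target (what, if anything, is bound to tcp/25 on the DMZ interface, and whether a host-based filter is rejecting rather than dropping). `silently_dropped` at the target, or `no_syn_seen` there while the firewall logs an accept, would instead point back at the path between the two.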