Ioannis Tsouvalas put forth on 5/30/2010 2:46 PM:
> I have disabled shorewall on Postfix machine using #shorewall clear , but
> I'm still working on clearing shorewall on the dedicated machine, but I
> haven't managed to make it happen since all the NAT has been implemented on
> the shorewall configuration. 

You may want to leave it for now if you've disabled firewalling on the Postfix 
VM.

> I'm still trying to figure out a safe way to
> move from shorewall to iptables. So here is the diagram in case that
> anything else comes in mind.

Shorewall is merely a nice front end for iptables.  At this point, I'd move
the Postfix VM out of the DMZ, putting it in the same subnet as the Exchange
server, and disable any packet mangling being done by the Shorewall other than
S/DNAT.  In other words, make TCP/IP transmission identical from the F/W to
both Postfix and Exchange, and allow Postfix and Exchange to communicate
directly with one another, no firewall in between them.  Run with this config
for a while and see if the errors go away between Postfix and Exchange.  If
they do, but you still see the relevant errors while communicating with
_external_ mail servers, then you can probably assume the problem is with
Shorewall, and then focus your troubleshooting there.

All of these VMs run on a single physical machine, correct?  What machine is
it, and what NICs does it have (make/model)?  What knobs have you turned in
ESX with regard to the virtual switch, VLANs, virtual NICs, etc?

-- 
Stan



>
>                      NETWORK DIAGRAM
>
>                         INTERNET
>                             |
>                             |
>                             |
>                        ADSL ROUTER   +ZONE NET+
>                             |
>   ESXI VER. 4 UPDATE 1      |(PHYSICAL 1ST ADAPTER)
>                             |
> +===========================|===============================+
> |                           |                               |
> |                           |VMXNET3(VIRT ADPT)             |
> |     (SMTP/ACCEPT)         |                               |
> |  +--------------------SHOREWALL   +ZONE FIREWALL+         |
> |  |                  (UBUNTU X64)                          |
> |  |                     |     |                            |
> |  |VMXNET3(VIRT ADPT)   |     |VMXNET3(VIRT ADPT)          |
> |  |                     |     |                            |
> |POSTFIX  +ZONE DMZ+     |     +----------------------+     |
> |(UBUNTU X64)            |(SMTP/                      |     |
> |                        | ACCEPT)                    |     |
> |                        |                            |     |
> |                        |VMXNET3                     |     |
> |                        |(VIRT ADPT)                 |     |
> |                        |                            |     |
> |                  EXCHANGE 2007   +ZONE LOCAL+       |     |
> |                WINDOWS SBS 2008                     |     |
> +=====================================================|=====+
>                                                       |(PHYSICAL 2ND ADAPTER)
>                                                       |
>                                                 LOCAL SWITCH +ZONE LOCAL+
> 
> 
> Ioannis