23rd March 2010, 02:24 PM #1
Exposing an email server through Smoothwall for external access
I'm hoping one of the Smoothwall experts out there can help with a small problem we have. We just upgraded our internet access and previously had our email server straddling both the internal and external networks - two NICs, one internal and one external. Our Cisco router was then directly connected to our Smoothwall box and the external NIC of our email server, allowing email webclient access both internally and externally.
I want to move our email server behind our Smoothwall box and just open up the necessary firewall ports on Smoothwall to allow external access to email.
I've configured an external alias on Smoothwall, using a 2nd static IP from the range allocated, then set up port forwarding to forward HTTP and HTTPS traffic on to our mail server's internal IP. Now when I try to access the mail server using the alias IP from outside of the network I get a 404 Not Found.
Looking at the access logs on the mail server, the external traffic is not getting through, and looking at the realtime firewall logs on the Smoothwall box I can see why - entries from my external IP (with strange port numbers - e.g. 31225) are being blocked, however the destination IP is the internal IP of our mail server and the port is correct (443).
My question, finally, is why would an HTTP request be hitting Smoothwall with a strange port number, rather than 443 as one would expect, and why would the logs show the destination as the internal IP of our mail server, since the firewall rule is not being matched - hence the block?
I'm sure I'm missing something obvious here - any help gratefully received.
24th March 2010, 11:04 AM #2
When you connect to a server you open up a local high-numbered port to connect to the remote port 443 on the server, like:
mypc:31225 -> mailserver:443
So that's not a problem. Is it actually a 404 you get? That would indicate that the webserver on the mailserver is returning content (404 is a message that the server itself sends, not one that the browser generates to say it can't find something).
First place that I would check is the mailserver - if you've previously had two NICs and now are using one, make sure that you have the correct default gateway set. The internal NIC needs to have its default gateway set to the SmoothWall so that the packets can get back from the mailserver, to the SmoothWall, then back on to the remote client.
Also you might want to set up source mapping so that when the mailserver goes outbound it uses the same alias IP - otherwise you get a situation where mail comes in on one IP but the server sends out on another; some external spam systems will flag this as dubious and you might get blocked.
Hope this helps,
Thanks to rob_f from:
Dickens (24th March 2010)
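An added example, not from the thread or from Smoothwall: a small Python triage of blocked-packet log lines that keeps the client's source port separate from the service port and flags entries whose destination is already the internal address. It assumes Linux netfilter-style KEY=value log fields, where destination NAT is applied before the filter rules log the packet; the log lines, the addresses and the names INTERNAL_NET, MAIL_SERVER and FORWARDED_PORTS are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines in Linux netfilter LOG style (assumed format).
SAMPLE_LOG = """\
Mar 23 14:20:01 fw kernel: DROP IN=eth1 OUT=eth0 SRC=203.0.113.50 DST=192.168.1.10 PROTO=TCP SPT=31225 DPT=443
Mar 23 14:20:05 fw kernel: DROP IN=eth1 OUT= SRC=203.0.113.50 DST=198.51.100.2 PROTO=TCP SPT=31226 DPT=25
Mar 23 14:20:09 fw kernel: DROP IN=eth1 OUT=eth0 SRC=203.0.113.77 DST=192.168.1.10 PROTO=TCP SPT=40112 DPT=3389
"""

INTERNAL_NET = ip_network("192.168.1.0/24")  # assumed internal range
MAIL_SERVER = ip_address("192.168.1.10")     # assumed mail server address
FORWARDED_PORTS = {80, 443}                  # the http/https forwards in the post

FIELD = re.compile(r"(\w+)=(\S*)")


def classify(line):
    """Label one blocked-packet line by where in the NAT path it was dropped."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST", "SPT", "DPT"} <= f.keys():
        return "unparsed"
    src, dst = ip_address(f["SRC"]), ip_address(f["DST"])
    dpt = int(f["DPT"])
    # SPT is picked by the client (or its NAT) per connection; rules match on DPT.
    if src in INTERNAL_NET:
        return "internal-source"
    if dst == MAIL_SERVER and dpt in FORWARDED_PORTS:
        # DST is already the internal address, so the port forward rewrote the
        # packet and it was dropped afterwards by the filter rules.
        return "forward-matched-then-blocked"
    if dst in INTERNAL_NET:
        # Translated to an internal host on a port nobody meant to expose.
        return "unexpected-forward"
    return "blocked-before-translation"


def classify_log(text):
    """Classify every non-empty line of a log excerpt, in order."""
    return [classify(l) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG.splitlines(), classify_log(SAMPLE_LOG)):
        print(verdict, "<-", line.split("kernel: ")[1])
```

A "forward-matched-then-blocked" verdict points at the rules or routing behind the port forward rather than at the forward itself.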
24th March 2010, 06:36 PM #3