  1. #1
    Dickens

    Exposing an email server through Smoothwall for external access

    Hi,

    I'm hoping one of the Smoothwall experts out there can help with a small problem we have. We just upgraded our internet access and previously had our email server straddling both the internal and external networks - two NICs, one internal and one external. Our Cisco router was then directly connected to our Smoothwall box and the external NIC of our email server, allowing email webclient access both internally and externally.

    I want to move our email server behind our Smoothwall box and just open up the necessary firewall ports on Smoothwall to allow external access to email.

    I've configured an external alias on Smoothwall, using a 2nd static IP from the range allocated, then set up port forwarding to forward HTTP and HTTPS traffic onto our mail server's internal IP. Now when I try to access the mail server using the alias IP from outside of the network I get a 404 Not found.

    Looking at the access logs on the mail server, the external traffic is not getting through, and looking at the realtime firewall logs on the Smoothwall box I can see why - entries from my external IP (with strange port numbers - e.g. 31225) are being blocked, however the destination IP is the internal IP of our mail server and the port is correct (443).

    My question, finally, is why would an HTTP request be hitting Smoothwall with a strange port number, rather than 443 as one would expect, and why would the logs show the destination as the internal IP of our mail server, since the firewall rule is not being matched - hence the block.

    I'm sure I'm missing something obvious here - any help gratefully received.

  2. #2

    rob_f
    Originally posted by Dickens:
    Hi,

    I've configured an external alias on Smoothwall, using a 2nd static IP from the range allocated, then set up port forwarding to forward HTTP and HTTPS traffic onto our mail server's internal IP. Now when I try to access the mail server using the alias IP from outside of the network I get a 404 Not found.

    Looking at the access logs on the mail server, the external traffic is not getting through, and looking at the realtime firewall logs on the Smoothwall box I can see why - entries from my external IP (with strange port numbers - e.g. 31225) are being blocked, however the destination IP is the internal IP of our mail server and the port is correct (443).

    My question, finally, is why would an HTTP request be hitting Smoothwall with a strange port number, rather than 443 as one would expect, and why would the logs show the destination as the internal IP of our mail server, since the firewall rule is not being matched - hence the block.

    When you connect to a server you open up a local high numbered port to connect to the remote port 443 on the server, like:

    mypc:31225 -> mailserver:443

    So that's not a problem. Is it actually a 404 you get? That would indicate that the webserver on the mailserver is returning content (404 is a message that the server itself sends, not one that the browser generates to say it can't find something).

    First place that I would check is the mailserver - if you've previously had two NICs and now are using one, make sure that you have the correct default gateway set. The internal NIC needs to have its default gateway set to the SmoothWall so that the packets can get back from the mailserver, to the SmoothWall, then back on to the remote client.

    Also you might want to set up source mapping so that when the mailserver goes outbound it uses the same alias IP - otherwise you get a situation where mail comes in on one IP but the server sends out on another; some external spam systems will flag this as dubious and you might get blocked.

    Hope this helps,


    Rob.

  3. Thanks to rob_f from:

    Dickens (24th March 2010)

  4. #3
    Dickens
    Rob - you're a star!

    I'd removed the details of the second NIC from /etc/network/interfaces, but forgot to add the gateway onto the internal NIC to allow it access outside of the network. Once the gateway was added, everything fell into place and I can now access the mail server from outside of the network. I've also added the source mapping - thanks for the tip, much appreciated!
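
The fix confirmed in the last post, as an added example that is not part of any poster's message: a shell check that the internal NIC's stanza in a Debian-style `/etc/network/interfaces` names the firewall as its gateway. The interface name `eth0` and the 192.168.1.x addresses are constructed placeholders, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Interface name and addresses are
# constructed placeholders; 192.168.1.1 stands in for the firewall's internal IP.

# Print the gateway set in the "iface $1" stanza of interfaces file $2.
# Prints nothing when the stanza has no gateway line.
stanza_gateway() {
    awk -v ifname="$1" '
        $1 == "iface" { in_stanza = ($2 == ifname); next }
        $1 ~ /^(auto|allow-.*|mapping|source|source-directory)$/ { in_stanza = 0; next }
        in_stanza && $1 == "gateway" { print $2; exit }
    ' "$2"
}

# Succeed only if the stanza's gateway is the expected firewall address $3.
check_gateway() {
    gw=$(stanza_gateway "$1" "$2")
    if [ -z "$gw" ]; then
        echo "FAIL: $1 has no gateway, so replies to external clients have no route back"
        return 1
    fi
    if [ "$gw" != "$3" ]; then
        echo "FAIL: $1 gateway is $gw, expected $3"
        return 1
    fi
    echo "OK: $1 sends non-local traffic via $3"
}

# Constructed sample: second NIC removed, gateway not yet added (the broken state).
write_broken() {
    printf '%s\n' 'auto lo' 'iface lo inet loopback' '' 'auto eth0' \
        'iface eth0 inet static' '    address 192.168.1.10' \
        '    netmask 255.255.255.0' > "$1"
}

# Constructed sample: same stanza with the gateway line added (the fixed state).
write_fixed() {
    write_broken "$1"
    printf '%s\n' '    gateway 192.168.1.1' >> "$1"
}

tmp=$(mktemp)
write_broken "$tmp"; check_gateway eth0 "$tmp" 192.168.1.1 || true
write_fixed "$tmp";  check_gateway eth0 "$tmp" 192.168.1.1
rm -f "$tmp"
```

On the live host, `ip route show default` shows the gateway actually in effect after the interface is restarted.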
