Firewall Wizards mailing list archives

RE: Allowing relay through Watchguard Firebox 1000


From: Frederick M Avolio <fred () avolio com>
Date: Sat, 21 Feb 2004 15:51:12 -0500

At 03:40 PM 2/21/2004 -0500, Karl D. Mueller wrote:
My suggestion is to remove the SMTP proxy altogether from the
watchguard, and just set up a port forward (1-to-1 NAT in
watchguard-speak) directly to your server.

Ahhhrrrggggg.

<sarcasm>
You *will* find things are much faster without all those nasty firewall rules getting in the way.
</sarcasm>

I was impressed that some people were actually using the SMTP proxy rather than just dynamic packet filtering on the Firebox. Take it out of the way? No, debug it, dammit. It is possible (as the poor gent with the Exchange server asked) that it is the inside server that's complaining. Look at the Firebox logs and the e-mail server logs. SMTP relays are funny things... they reject mail themselves and they reject mail if the server to which they tried to connect rejects the transaction.

I was so enamored with the Firebox SMTP Proxy, I wrote a column for them (a few years ago when I was on their advisory board). It is dated, but I do make a case for it. (http://www.avolio.com/columns/smtp_proxy.html.)

I suspect sometimes that I am the oldest person on this list...

f

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

