Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: accessing SMTP server via the translated address

From: "Rudy Setiawan" <rudal () online rudal com>
Date: Sat, 13 Dec 2008 22:06:12 -0800
Heya Kevin, yeah it's possible to do that but instead of managing two
DNS'es, we only manage 1 DNS resolution.

Thanks for the input :)

Regards,
Rudy


On Sat, Dec 13, 2008 at 6:07 PM, Kevin Horvath <kevin.horvath () gmail com> wrote:

Since your workstation is on the same internal subnet as the mail
server why would you try to ping out to the xlated ip?  If your on the
same internal subnet you should be pinging the 10.10.1.2 ip.  I guess
I am missing something?

On Fri, Dec 12, 2008 at 4:17 AM, Rudy Setiawan <rudal () online rudal com> wrote:

Hi,

we have a firewall, both outside and inside interfaces.
We have a SMTP server that lives in the inside network
and it's translated to a public IP on the outside interface.
SMTP inside IP: 10.10.1.2
Translated IP: 216.15.4.4
in the pix (version 7.2.3)
static (inside,outside) 216.15.4.4 10.10.1.2 netmask 255.255.255.255

I have a workstation with IP 10.10.1.4 which has a translated IP of 216.15.4.6

From my workstation I tried to access 216.15.4.4 port 25 or ping

216.15.4.4. I got request timed out.

I have access-list that allows icmp as well as port 25 on the 216.15.4.4 IP.
I am able to access port 25 and ping the IP from anywhere in the world.

How can I permit such traffic?

Thanks,
Rudy
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: