D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: gree0115 on December 19, 2009, 07:04:36 AM
-
Dear All,
I am new to the D-Link NetDefend firewalls and wondered if anyone could offer me a bit of assistance, please.
I'm just in the process of swapping out a Multitech RF860 internet security appliance as this is going end of life due to an obsolete component. I'm installing a DFL-860.
I am having problems with SMTP configuration. I currently have an Exchange server which sits on the local LAN. With my Multitech box (which had an SMTP proxy service), I just had to point the Multitech box to the LAN address of my Exchange server. The ISP delivered mail to the WAN address of the Multitech box and then, via SMTP proxy, the Multitech passed it through to the Exchange server.
Since installing the D-Link I can't receive incoming emails; outgoing emails are being delivered fine, as these obviously go directly via Exchange through ports which are in the default set and so are open by default.
I'd like to keep the Exchange server on the LAN as I've got a Citrix server on the DMZ and use address translation to map from the public to the private address. This was all done via DNAT and SNAT on my previous box. If anyone could point me in the right direction or needs any further information I'd be very grateful.
Thanks in advance.
David
-
You need 2 rules:
A SAT rule pointing to the WAN public IP address (core), redirecting incoming SMTP protocol connections to the internal IP of the server
And an equivalent Allow rule to let the traffic pass
-
Thanks Chechito,
I'll give that a try.
Cheers,
David
-
A sample of the rules:
12 smtp_inb_sat SAT any all-nets core etb_pppoe_ip smtp_inb
13 smtp_inb_allow Allow any all-nets core etb_pppoe_ip smtp_inb
-
I've put in the rules as per Chechito's previous post but am not seeing any emails reaching the Exchange server. I am now seeing traffic coming in which is being processed by the rule but it doesn't seem to be arriving at the Exchange Server. Below are the latest set of logs with any port 25 traffic. The service is smtp-inbound so it is using the SMTP ALG Service. I've added *@jbrand.co.uk as recipient and whitelist on the SMTP ALG service, but still seeing no inbound smtp traffic arriving at the Exchange server.
2009-12-29 10:39:12 Info CONN 600002 SMTP_INB_ALLOW TCP wan1 core 200.40.46.162 195.172.38.34 2178 25 conn_close close conn=close origsent=168 termsent=124
2009-12-29 10:38:42 Info CONN 600002 SMTP_INB_ALLOW TCP wan1 core 189.106.101.89 195.172.38.34 4323 25 conn_close close conn=close origsent=168 termsent=124
2009-12-29 10:38:00 Info CONN 600002 SMTP_INB_ALLOW TCP wan1 core 212.135.6.130 195.172.38.34 53828 25 conn_close close conn=close origsent=140 termsent=124
2009-12-29 10:37:52 Info CONN 600002 SMTP_INB_ALLOW TCP core lan 200.40.46.162 10.1.1.7 19653 25 conn_close close conn=close origsent=124 termsent=124
2009-12-29 10:37:51 Info ALG 200001 TCP wan1 core 200.40.46.162 195.172.38.34 2178 25 alg_session_open algmod=smtp algsesid=507 origsent=88 termsent=44
2009-12-29 10:37:51 Info CONN 600001 SMTP_INB_ALLOW TCP wan1 lan 200.40.46.162 195.172.38.34 2178 25 conn_open satdestrule=SMTP_INB_SAT conn=open
2009-12-29 10:37:48 Info CONN 600002 SMTP_INB_ALLOW TCP wan1 core 216.82.254.35 195.172.38.34 28699 25 conn_close close conn=close origsent=140 termsent=124
-
Just to close this off. After playing around for a while the rule needed to be NAT rather than Allow. This has done the trick and is now working.
12 smtp_inb_sat SAT any all-nets core etb_pppoe_ip smtp_inb
13 smtp_inb_allow NAT any all-nets core etb_pppoe_ip smtp_inb
Cheers,
David