Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 15 December 2024, 12:00:38 pm

Login with username, password and session length

Download the latest community FREE version  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Newbye Mailserver problem
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Newbye Mailserver problem  (Read 10430 times)
Maestrale
Full Member
***
Offline Offline

Posts: 11


« on: Thursday 08 April 2010, 08:13:37 am »

I'm a newbye in endian and in firewalling too
I  have an ipcop with this configuration:
 two interface (red and green) in the green zone (192.168.1.0/24) I have a zimbra mail server at address 192.168.1.200 and
a windows server 2003 at 192.168.1.100 that I use also like dns server
Whit IPcop all works fine I setup the nat rules for the mail server and for the file server too.
Now I’d like to switch to Endian for two reasons :
One, make a dmz whit the fileserver and mailserver
Two, use two uplink interface for a failover 
I’m started whit a basic configuration for make a step by step configuration of the endian firewall , simply
I have tried to make the same configuration that I have on IPcop , two interface (red and green) and nat for mail
And I’m just remain blocked !!! sic.
I can send mail I can surf the web but I can’t receive mail at all I’ve tried all nat configuration but noting happen.
Were I’m wrong ?
What is the correct syntax for a simple nat rule in endian ?
I had suppose to use the destination nat like this (example whit one port):
Source ANY   Target 192.168.1.200    Policy Allow      Port TCP 110      filter leaved blank    is correct ?
Can somebody help me ?
 
Excuse me for my bad English please 
Logged
Steve
Sr. Member
****
Offline Offline

Posts: 108



WWW
« Reply #1 on: Thursday 08 April 2010, 08:56:41 am »

Firstly a few things:
Quote
One, make a dmz whit the fileserver and mailserver

You can not have 2 DMZ targets

Quote
Two, use two uplink interface for a failover 
Failover in the current Community version can not switch back and forth.
ie: If Red(a) fails, system will switch to Red(b) - but then if Red(b) fails system will not switch to Red(a) again.
Perhaps this will be fixed in the next version.

Mail Problem.
You can use the SMTP proxy or you can set it up manually like this:

Access from ANY
Target <ANY Uplink>
Filter policy Allow
Service/Port SMTP  Protocol * TCP  Target port/range 25
Translate to * IP  DNAT Policy   NAT
Insert IP 192.168.1.200  Port/Range 25


The port for receiving mail is 25, not 110 which is the POP3 port.
Logged

                          
Maestrale
Full Member
***
Offline Offline

Posts: 11


« Reply #2 on: Thursday 08 April 2010, 04:23:00 pm »

Many tanks !
I try this setting for the mail ....
I open all the mail port the "110" is only an example I need 25 110 and 143 too "zimbra use imap"
and I need port 80 too for mail web access.
I' m sic for the "half" failover but I can switch to the primary uplink manually from console for now , is correct ?
I'm going to try the settings.....
Logged
Maestrale
Full Member
***
Offline Offline

Posts: 11


« Reply #3 on: Friday 09 April 2010, 05:40:10 am »

Ok, all perfect tank's Steve !
Only a little problem, maybe a bug ? I haved "create" and configured the second uplink , I have delete it and when I try to create it again , I can't ,   I insert all data click on create the page become blank and nothing happens I reload the page....nothing...
I try to configure that in console tomorrow....
Tanks again !!  Smiley
 
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com