Title: Newbie Mailserver problem
Post by: Maestrale on Thursday 08 April 2010, 08:13:37 am

I'm a newbie in Endian and in firewalling too.

I have an IPCop with this configuration: two interfaces (red and green). In the green zone (192.168.1.0/24) I have a Zimbra mail server at address 192.168.1.200 and a Windows Server 2003 at 192.168.1.100 that I also use as a DNS server. With IPCop all works fine; I set up the NAT rules for the mail server and for the file server too.

Now I'd like to switch to Endian for two reasons:
One, make a DMZ with the fileserver and mailserver
Two, use two uplink interfaces for a failover

I started with a basic configuration, to make a step-by-step configuration of the Endian firewall. I simply tried to make the same configuration that I have on IPCop, two interfaces (red and green) and NAT for mail.
And I just remain blocked!!! sic.

I can send mail, I can surf the web, but I can't receive mail at all. I've tried all NAT configurations but nothing happens.

Where am I wrong? What is the correct syntax for a simple NAT rule in Endian? I had supposed to use the destination NAT like this (example with one port):

Source ANY
Target 192.168.1.200
Policy Allow
Port TCP 110
filter left blank

Is that correct? Can somebody help me?
Excuse me for my bad English, please.

Title: Re: Newbie Mailserver problem
Post by: Steve on Thursday 08 April 2010, 08:56:41 am

Firstly a few things:

Quote
One, make a DMZ with the fileserver and mailserver

You can not have 2 DMZ targets.

Quote
Two, use two uplink interfaces for a failover

Failover in the current Community version can not switch back and forth, i.e.: if Red(a) fails, the system will switch to Red(b), but then if Red(b) fails the system will not switch to Red(a) again. Perhaps this will be fixed in the next version.

Mail problem. You can use the SMTP proxy or you can set it up manually like this:

Access from ANY
Target <ANY Uplink>
Filter policy Allow
Service/Port SMTP
Protocol * TCP
Target port/range 25
Translate to * IP
DNAT Policy NAT
Insert IP 192.168.1.200
Port/Range 25

The port for receiving mail is 25, not 110, which is the POP3 port.

Title: Re: Newbie Mailserver problem
Post by: Maestrale on Thursday 08 April 2010, 04:23:00 pm

Many thanks!

I try this setting for the mail.... I open all the mail ports; the "110" is only an example. I need 25, 110 and 143 too ("Zimbra uses IMAP") and I need port 80 too for mail web access.

I'm sic for the "half" failover, but I can switch to the primary uplink manually from the console for now, is that correct?

I'm going to try the settings.....

Title: Re: Newbie Mailserver problem
Post by: Maestrale on Friday 09 April 2010, 05:40:10 am

OK, all perfect, thanks Steve!

Only a little problem, maybe a bug? I "created" and configured the second uplink, I deleted it, and when I try to create it again, I can't. I insert all the data, click on create, the page becomes blank and nothing happens. I reload the page.... nothing...

I'll try to configure that in the console tomorrow....

Thanks again!! :)
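
Added example, not part of any post in this thread: a Python check over an iptables-save dump that reports which of the ports mentioned above (25, 110, 143, 80) are not fully forwarded to 192.168.1.200, as in the first post where only POP3 was forwarded and SMTP was not. It assumes generic netfilter rules in PREROUTING/FORWARD with eth1 as the uplink; Endian's own chain names may differ, and the sample ruleset is constructed.

```python
import re

MAIL_SERVER = "192.168.1.200"  # Zimbra host from the thread
REQUIRED = {25: "SMTP", 110: "POP3", 143: "IMAP", 80: "webmail"}

# Constructed iptables-save excerpt in generic netfilter syntax; eth1 as the
# uplink and the chain names are assumptions, not Endian's generated rules.
SAMPLE = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.200:110
-A PREROUTING -i eth1 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.1.200:143
COMMIT
*filter
-A FORWARD -d 192.168.1.200/32 -p tcp -m tcp --dport 110 -j ACCEPT
COMMIT
"""

DNAT_RE = re.compile(r"-A PREROUTING\b.*-p tcp\b.*--dport (\d+)\b.*"
                     r"-j DNAT --to-destination ([\d.]+):(\d+)")
FWD_RE = re.compile(r"-A FORWARD\b.*-d ([\d.]+)(?:/32)?\s.*-p tcp\b.*"
                    r"--dport (\d+)\b.*-j ACCEPT")


def audit(ruleset, server=MAIL_SERVER, ports=REQUIRED):
    """Return {port: problem} for every required port not fully forwarded."""
    dnat, accepted, table = {}, set(), None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
        elif table == "nat" and (m := DNAT_RE.match(line)):
            dnat[int(m.group(1))] = (m.group(2), int(m.group(3)))
        elif table == "filter" and (m := FWD_RE.match(line)):
            if m.group(1) == server:
                accepted.add(int(m.group(2)))
    problems = {}
    for port, name in ports.items():
        if port not in dnat:
            problems[port] = f"{name}: no DNAT rule"
        elif dnat[port][0] != server:
            problems[port] = f"{name}: DNAT goes to {dnat[port][0]}"
        elif dnat[port][1] not in accepted:  # filter sees the translated port
            problems[port] = f"{name}: DNAT present, FORWARD does not accept"
    return problems


if __name__ == "__main__":
    for port, problem in sorted(audit(SAMPLE).items()):
        print(port, problem)
```

Feed it the output of iptables-save from the firewall console instead of SAMPLE; an empty result means every listed port has both the translation and the matching forward rule.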