 
 From:  Robert Rich <rrich at gstisecurity dot com>
 To:  Tim Brewer <T dot Brewer at beth dot school dot nz>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Sending Email from m0n0 lan to m0n0 lan - sort of
 Date:  Thu, 28 Jul 2005 16:49:51 -0400
Tim,  
   
Based on the diagram you put in the original email, it looks like there could be a routing issue
between SMEB and Exchange.  If SMEB is on the 192.168.x.x (192.168.11.50, right?) network with a
default gateway of the Internet router, then you'll need a static route or use NAT and tell m0n0 to
proxy arp for whatever address you want to use for Exchange.  
   
Also, on the list of IP addresses, it looks like m0n02 and SMEA are using the same address
(192.168.11.10).  
   
Regarding the change in error message, since it's failing during a DNS request, I would think that
you aren't necessarily 'past' the connection problem.  CNAME lookups would likely happen before the
connection is even attempted.  
   
If the telnet from LAN2 to SMEB is working, run a 'netstat -an' or equivalent on the SMEB box _while
the connection is still up_ and look for the 'ESTABLISHED' connection to port 25.  If the source IP
shows up as the real LAN IP of the PC on LAN2, then routing isn't an issue.  If it has been
translated to the m0n02 interface address, then try adding a route to SMEB that points
10.0.0.0/255.0.0.0 to m0n02's WAN interface.  
   
 
      _____  

  From: Tim Brewer [mailto:T dot Brewer at beth dot school dot nz]
To: m0n0wall at lists dot m0n0 dot ch
Sent: Thu, 28 Jul 2005 16:10:42 -0400
Subject: RE: [m0n0wall] Sending Email from m0n0 lan to m0n0 lan - sort of

Thanks all for your help. Here are the results of my last testing session.

There are 2 Firewall Rules set on m0n02:
WAN Interface - allow all from all to all any port (logging enabled)
LAN Interface - allow all from all to all any port (logging disabled)

This way I think that there should be no firewall issues.
I can ping from LAN1 to LAN2 and LAN2 to LAN1 without any issues.

I tried setting up a DNS server on LAN1 (Win2k, non AD) and this helped a
little. SMEB uses qmail as the MTA, and the message in the log
is no longer 'Couldn't Establish an SMTP Connection', but 'deferral:
CNAME_lookup_failed_temporarily'.
I googled this message and found 2 main reasons: 1) qmail needs to be updated
to v1.03 (checked and it already is) 2) DNS Issues.

Next, I tried telnet exchangeip 25 from SMEB, but this kept timing out. When
done from LAN2, this works fine.
I then tried telnet smebip 25 from a LAN2 pc, which worked fine.
I thought that exchange/mail marshall (sorry - missed that earlier) may be
the issue, so set up Mercury Mail on a test pc.
When trying to telnet to this pc, it still times out.

SME has an option to use another pc as the mail server, instead of itself. I
set the ip of the Exchange server in here, and the 
m0n02 firewall log shows a connection trying to happen from SMEB to Exch
Port 25, but no reply connection.
With SMEB mail server option set to the mercury pc, the firewall log showed
connections from SMEB to Mercury, and then Mercury to SMEB
which then sent the email fine (held on mercury pc only)!

The results here have confused me somewhat, and I am at the end of what I
know to try :(

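The netstat check described in Robert Rich's reply above, as an added example that is not part of the original thread: a shell function that reads `netstat -an` output captured on the SMEB box and reports, for each ESTABLISHED connection to local port 25, whether the peer address is the firewall's interface address (translated) or some other address. The function names are hypothetical, and the sample lines are constructed from addresses mentioned in the thread (192.168.11.50 for SMEB, 192.168.11.10 for m0n02) plus an assumed LAN2 client at 10.0.0.23.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies the peers of ESTABLISHED
# connections to local port 25 found in `netstat -an` output on stdin.
# $1 = interface address of the firewall the client may be translated to
#      (192.168.11.10 is the m0n02 address quoted in the thread).

smtp_peers() {
    fw_addr="$1"
    awk -v fw="$fw_addr" '
        # Linux, BSD and Windows netstat all end an active TCP row with:
        #   <local address> <foreign address> ESTABLISHED
        $NF == "ESTABLISHED" && NF >= 4 {
            laddr = $(NF-2); peer = $(NF-1)
            # Port is whatever follows the last ":" (Linux/Windows) or "." (BSD).
            port = laddr; sub(/.*[:.]/, "", port)
            if (port != "25") next
            sub(/[:.][0-9]+$/, "", peer)   # drop the peer source port
            sub(/^::ffff:/, "", peer)      # unwrap IPv4-mapped IPv6 form
            verdict = (peer == fw) ? "translated" : "untranslated"
            print peer, verdict
        }'
}

# Constructed sample: what `netstat -an` might show on SMEB while telnet
# sessions to port 25 are still open. The third row uses BSD "addr.port" style.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.11.50:25        10.0.0.23:1045          ESTABLISHED
tcp        0      0 192.168.11.50:25        192.168.11.10:61002     ESTABLISHED
tcp4       0      0 192.168.11.50.25        192.168.11.10.61003     ESTABLISHED
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.168.11.50:22        10.0.0.23:1050          ESTABLISHED
EOF
}

# "untranslated" = peer shows its own address; "translated" = peer appears
# as the firewall address, the case where the reply suggests adding a route.
sample_netstat | smtp_peers 192.168.11.10
```

On a live box, pipe the real output instead: `netstat -an | smtp_peers <firewall address>` while the telnet session is still connected.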