
Mail server and our Symantec Firewall connection


Tony414 (MIS, US), Feb 3, 2003
Hello,
Here is a little bit about our setup. We have a Linux (Fedora 8) mail server connected to the outside (internet) world, which also ties to our Symantec Firewall. We have recently installed a Progress program that needs to communicate through the firewall. There is a progress file on the linux box where we enter the ip of the firewall. For some reason the linux box is not communicating to the firewall. If I run a tracert to the firewall ip it comes up with nothing. I think the problem is on the linux box but can't figure it out. Any help would be greatly appreciated.

Tony
 
Is the mail server behind your firewall? Often the firewall has a public and private side, and if you are using the Public side IP that is probably not going to work. So check the IP of your mail server, is it private or public?

Private IP would be in the range:

From 10.0.0.0 to 10.255.255.255
From 172.16.0.0 to 172.31.255.255
From 192.168.0.0 to 192.168.255.255

Anything else, public.

If you run traceroute to anywhere valid on the Internet it should report the inbound interface of the firewall.

 
No. The mail server is not behind the firewall. And it's not in that range you mentioned. I'm not able to run the traceroute now. I will do that.

Thanks,
Tony
 

In that case, I would suspect that you need to open that port to talk to the Symantec Firewall on the Firewall itself, but I am not familiar with the Firewall or the Progress report that you are installing.
eugene
 
Now when you say "that port". Do you mean on the linux box? Because I don't even think it's getting to the firewall. We don't see any errors in the firewall log
 
Run "iptables -L" and see how your outbound rules are configured. Most people don't restrict outbound service, but since you stated your mail server is on public (not behind a firewall) perhaps it is more restrictive.

You could also run tcpdump on the mail server to see what port it is trying to use. It would be
tcpdump host "IPADDRESS OF FIREWALL"

then run your app and see what packets are going out (if blocked by the firewall you won't see a response).

I assume your mail server is going to try to talk to your firewall on a TCP port. Since firewalls are inherently cautious, I would assume that the port is blocked on the firewall by default.

BTW, traceroute is a bad test because firewalls often do not respond to ICMP echo to prevent denial of service attacks.

eugene
 
So it looks like outbound is not setup for port 2533 (port that progress uses). How would I go about setting that up. Also it uses a range 2701-???? How would I do that?

Thanks,
Tony
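To put Eugene's "iptables -L" check and Tony's question about opening 2533 and the 2701 range into code: the following is an added example, not code from the thread, from Symantec or from Progress. It reads the server's ruleset in iptables-save format (the format of /etc/sysconfig/iptables on Fedora and RHEL, and the output of `iptables-save`), works out per port what the OUTPUT chain would do with a fresh connection to the firewall, and produces the iptables commands that open the ports if they are blocked. The sample ruleset, the firewall address 192.0.2.10 and the upper bound 2750 for the 2701 range are assumptions, since the thread never gives the real values. `iptables-save` output is the better thing to ask the admin for: unlike `iptables -L` it shows states, interfaces and user-defined chains unambiguously, and addresses can be redacted before handing it over.

```python
"""Walk the mail server's own iptables OUTPUT chain for the Progress ports and
emit the rules to add if they are blocked. Added example, not from the thread;
input is iptables-save format (/etc/sysconfig/iptables on Fedora/RHEL). The
sample ruleset and the address 192.0.2.10 are constructed; 2750 stands in for
the upper bound of the 2701-???? range, which the thread never gives."""
import ipaddress

FIREWALL_IP = "192.0.2.10"                       # assumed firewall address
PROGRESS_PORTS = [(2533, 2533), (2701, 2750)]    # 2750 is an assumed upper bound
TERMINAL = ("ACCEPT", "DROP", "REJECT")

# Constructed sample: a locked-down OUTPUT chain (SMTP out, SSH to the firewall).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse_rule(tokens):
    """One '-A CHAIN ...' line to a dict; refuses options it cannot model."""
    rule = dict(chain=tokens[1], proto=None, dst=None, dports=None,
                states=None, target=None)
    for opt, arg in zip(tokens[2::2], tokens[3::2]):   # every option takes one arg
        if opt == "-p":
            rule["proto"] = arg
        elif opt == "-d":
            rule["dst"] = ipaddress.ip_network(arg, strict=False)
        elif opt == "--dport":                         # single port or lo:hi
            lo, _, hi = arg.partition(":")
            rule["dports"] = (int(lo), int(hi or lo))
        elif opt == "--state":
            rule["states"] = set(arg.split(","))
        elif opt == "-j":
            rule["target"] = arg
        elif opt != "-m" or arg not in ("tcp", "udp", "state"):
            raise ValueError("unsupported option %s %s; extend the evaluator" % (opt, arg))
    return rule

def parse_ruleset(text):
    """Return ({chain: policy or None}, [rules]) from iptables-save text."""
    policies, rules = {}, []
    for line in text.splitlines():
        if line.startswith(":"):                       # ':CHAIN POLICY [pkts:bytes]'
            chain, policy = line[1:].split()[:2]
            policies[chain] = None if policy == "-" else policy
        elif line.startswith("-A "):
            rules.append(parse_rule(line.split()))
    return policies, rules

def packet(proto, dst, dport):
    """A fresh outbound connection attempt (conntrack state NEW)."""
    return {"proto": proto, "dst": ipaddress.ip_address(dst), "dport": dport, "state": "NEW"}

def matches(rule, pkt):
    return ((rule["proto"] is None or rule["proto"] == pkt["proto"])
            and (rule["dst"] is None or pkt["dst"] in rule["dst"])
            and (rule["dports"] is None or rule["dports"][0] <= pkt["dport"] <= rule["dports"][1])
            and (rule["states"] is None or pkt["state"] in rule["states"]))

def verdict(policies, rules, pkt, chain="OUTPUT"):
    """First matching rule decides; user-defined chains are followed; else policy."""
    for rule in rules:
        if rule["chain"] != chain or not matches(rule, pkt):
            continue
        if rule["target"] in TERMINAL:
            return rule["target"]
        sub = verdict(policies, rules, pkt, rule["target"]) if rule["target"] in policies else None
        if sub is not None:                            # a user chain gave a verdict
            return sub
    return policies.get(chain)

def blocked_ports(ruleset_text, fw_ip, port_ranges, proto="tcp"):
    """Map each Progress port the OUTPUT chain would not ACCEPT to its verdict."""
    policies, rules = parse_ruleset(ruleset_text)
    blocked = {}
    for lo, hi in port_ranges:
        for port in range(lo, hi + 1):
            v = verdict(policies, rules, packet(proto, fw_ip, port))
            if v != "ACCEPT":
                blocked[port] = v
    return blocked

def rules_to_add(fw_ip, port_ranges, proto="tcp"):
    """Commands that open the ports to the firewall host only, let the replies
    back in, and persist the change the Fedora/RHEL way."""
    cmds = []
    for lo, hi in port_ranges:
        dport = str(lo) if lo == hi else "%d:%d" % (lo, hi)
        cmds.append("iptables -I OUTPUT -p %s -d %s --dport %s -j ACCEPT" % (proto, fw_ip, dport))
    cmds.append("iptables -I INPUT -p %s -s %s -m state --state ESTABLISHED,RELATED -j ACCEPT"
                % (proto, fw_ip))
    cmds.append("service iptables save")
    return cmds
```

Running `blocked_ports(SAMPLE_RULES, FIREWALL_IP, PROGRESS_PORTS)` against the sample reports all 51 ports with verdict DROP, because nothing ahead of the DROP policy matches a NEW connection to those ports. The commands use `-I` rather than `-A` so the ACCEPT lands ahead of any explicit DROP at the end of the chain. The INPUT rule matters too: the Progress replies come back in through INPUT, and an INPUT chain without an ESTABLISHED,RELATED rule drops them just as silently. `service iptables save` rewrites /etc/sysconfig/iptables so the change survives a reboot. The evaluator deliberately raises on options it does not model (interfaces, `--reject-with`, `-s`, ...) rather than guessing.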
 
Did you determine if it is blocked OUT from your Linux server or IN to the Symantec FW or both?

eugene
 
It's stopped at the linux box. It's not getting to the firewall.
 
Hi Eugene,
Just touching base to see what I might be able to do.

Thanks,
Tony
 
Are you running some other firewall package?(Firestarter, APF). I am familiar only with RHEL.

Look at:

Main Menu > System Settings > Security Level

To test, I would just stop the firewall for a minute and see if the connection works.

eugene
 
Linux is Fedora 8. The GUI is disabled. Is there any other way of finding out? I don't have access to it now. I'm not sure if that admin over there will be comfy with turning off the Linux firewall for a minute.

Tony
 
Have them send you /etc/sysconfig/iptables (I believe the config is the same in Fedora as in RedHat). I believe no matter what FW package running, it would have to twiddle this file.

eugene
 
Hi Eugene,
The admin will not give me the file to put up on here. Which I understand. Any recommendations as to what I can try to put in there?

Tony
 

Get on the Linux box. Do a "telnet IPADDRESSOFFIREWALL 2533".

(provided the service is TCP and not UDP.)

If you get a connect, then you got there no problem.

If you get a connection refused, that is probably a firewall block (on either end).

If you get a timeout, then the service might not be running on the Symantec.

At the same time as trying the telnet, you or your admin can run tcpdump specifying port 2533 to see the packet trace on the interface.

If you don't see it appear, then something is wrong on the Linux side firewall.

eugene
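The same telnet test, scripted, as an added example that is not from the thread. The useful part is reading the outcome by what the kernel actually received: a fast "connection refused" means a TCP RST came back, so the packets reached a host that either has nothing listening on 2533 or answers with an iptables REJECT; a hang until timeout means the SYN was dropped silently, which is what a DROP rule or a DROP policy on either box produces, and what the tcpdump on the Linux side would show as repeated SYNs with no reply. The firewall address is a parameter; the demo connects to 127.0.0.1 so it runs offline.

```python
"""Do what `telnet FIREWALL 2533` does and name the outcome. Added example, not
from the thread; the Symantec firewall address is whatever you pass in. The
demo connections go to 127.0.0.1 so the script runs offline."""
import errno
import socket

def probe_tcp(host, port, timeout=3.0):
    """Return 'connected', 'refused', 'timeout' or 'unreachable' for host:port.

    connected   the SYN arrived and something is listening on that port
    refused     a TCP RST came back: the host is reachable but nothing listens
                there, or a REJECT rule (e.g. --reject-with tcp-reset) answered
    timeout     no SYN-ACK and no RST: a DROP rule or DROP policy on either box,
                or the packets never reach the host at all
    unreachable the local routing table or an ICMP error says there is no path
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "connected"
    except socket.timeout:
        return "timeout"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            return "refused"
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()

def probe_ports(host, ports, timeout=3.0):
    """Probe every port (2533 plus the 2701 range) and group them by outcome."""
    groups = {}
    for port in ports:
        groups.setdefault(probe_tcp(host, port, timeout), []).append(port)
    return groups

def demo():
    """'connected' against a live local listener, 'refused' once it is closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                     # kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        while_open = probe_tcp("127.0.0.1", port)  # backlog completes the handshake
    finally:
        srv.close()
    after_close = probe_tcp("127.0.0.1", port)     # no listener now: kernel sends RST
    return while_open, after_close

if __name__ == "__main__":
    print(demo())                                  # ('connected', 'refused')
    # Real use (2750 is an assumed upper bound for the 2701 range):
    # print(probe_ports("192.0.2.10", [2533] + list(range(2701, 2751))))
```

This only works for TCP, as Eugene notes: a UDP send does not fail unless an ICMP port-unreachable comes back, so for a UDP service tcpdump on both sides is the only reliable check. Run the probe on the mail server itself with tcpdump watching the outbound interface; if the SYNs never appear on the wire, the block is in the Linux box's own OUTPUT chain, and if they appear and nothing answers, the drop is downstream.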
 