Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

No route between mail servers??

Status
Not open for further replies.
moebius359

moebius359

Programmer
Feb 7, 2002
4
0
0
US
I have four servers doing web/mail hosting natted behind a CP firewall and ran into the following situation:

Email messages sent from outside the fw to any domain located inside the fw works fine. Messages sent from domains to any domain located outside the fw works too.

Messages sent from one domain located behind the fw to another server located behind the firewall fails...

I don't seem to be able to trace beyond the fw from one domain to another.

Any ideas or comments would be appreciated!!
 
Sort by date Sort by votes
Are the mail servers behind the firewall on the same subnet or different? What's the IP addresses and masks?

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Upvote 0 Downvote
are you relying on NAT between internal networks?
as i understand fw1 doesnt do NAT between internal interfaces unless you write ARP entries.

if this is the case then posible solutions are
enter DNS entries for the mail servers on each domain DNS server using local IP addersses not external NAted addreses.

as for the tracert i beleve this is one of NG's little "features"
 
Upvote 0 Downvote
Thanks for the quick replies !

The servers are all on the same sub 192.168.100.0 on the internal side and 64.53.6.0 on the public side. We had to add ARP entries between public and private interface. Also created appropriate rules inbound and outbound.

I did not want to create an hybrid DNS, so all entries are refering to public IPs and not private ones.



 
Upvote 0 Downvote
If your internal server are on the same subnet then there should not be any problem. Confirm ping communication between these servers internal and isolate it. If still kindly let me know what mail server you use.

I will try to help you

P.Nagaraj
CCSA, CCSE
 
Upvote 0 Downvote

That's what I thought initialy, but CP goes home to momma when trying to route traffic coming from the same interface.

All servers are running sendmail. I've tested with ping, telnet and ftp. If I use the private IP everything is fine, if I try by domain name the traffic is lost.

Servers resolve on public IP and cannot find the private IPs for the sites.

I have come to the conclusion that we will have to setup an internal DNS with private IPs and let the servers resolve to that first. Not a very elegant solution and certainly more complicated to maintain because of double entries on DNS servers, but what else can you do.

Any ideas?

Thanks1
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
61
Russtoleum
Russtoleum
Russtoleum
  • Locked
  • Question
custom VPN Tunnel not appearing when trying to add route
Replies
1
Views
49
jcarmichael1203
jcarmichael1203
handle2110
  • Locked
  • Question
Communication between interfaces
Replies
0
Views
45
handle2110
handle2110
Spork52
  • Locked
  • Question
Is this secure? Serving content from two servers with SSL
Replies
3
Views
51
ChrisHirst
ChrisHirst
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
43
brownmab53
brownmab53

Part and Inventory Search

Sponsor

Back
Top