
Thread: Port Forwarding/Redirecting




user name
2006-05-23 18:54:28
This can't be very difficult to do but damn if I can't get it to work.

I have read over and over again every example I've found on the web to no avail.

I've got a PIX 515 v6.3.
Anti-spam device behind firewall.
smtp server behind firewall.

My PIX is up and running with no troubles as is the smtp server (have been for a few years now), we just added the anti-spam device, I know I could do this via DNS and MX records if I have to, but would like to do it with port forwarding/redirecting.

Trying to forward ALL incoming smtp traffic to the anti-spam device which will then either kill spam or forward good mail to the smtp server.

Internet ---incoming traffic---> PIX ---smtp traffic---> antispam ---> smtp server
                                  |
                                  |
                                  V
                          all other traffic
Assume PIX outside IP = 111.111.111.111
Assume antispam IP    = 222.222.222.222
Assume smtp server IP = 222.222.222.333

All IPs are static, no dhcp, no nat.

Current config looks like this (some parts removed as not necessary):

interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
names
name 222.222.222.222 antispam
name 222.222.222.333 smtpserver
access-list ACL_OUT permit tcp any host smtpserver eq domain
access-list ACL_OUT permit tcp any host smtpserver eq ssh 
access-list ACL_OUT permit tcp any host smtpserver eq pop3 
access-list ACL_OUT permit tcp any host smtpserver eq smtp 
access-list ACL_OUT permit tcp any host smtpserver eq imap4 
access-list ACL_OUT permit udp any host smtpserver eq domain
access-list ACL_OUT permit tcp any host antispam eq ssh
access-list ACL_OUT permit tcp any host antispam eq smtp
access-list ACL_OUT permit tcp any host antispam eq domain
access-list ACL_OUT permit udp any host antispam eq domain
access-list ACL_OUT permit udp any host antispam eq ntp
access-list ACL_OUT permit tcp any host antispam eq www 
ip address outside 111.111.111.111 255.255.255.252
ip audit info action alarm
ip audit attack action alarm
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
static (inside,outside) smtpserver smtpserver netmask 255.255.255.255 0 0
static (inside,outside) antispam antispam netmask 255.255.255.255 0 0
access-group ACL_OUT in interface outside

#Configured as above, all smtp traffic goes to the smtp server as normal and all users get their email with no problems at all (have been for years).
#According to the example at the Cisco site I made the following change:

Changed - static (inside,outside) smtpserver smtpserver netmask 255.255.255.255 0 0
     to - static (inside,outside) tcp smtpserver smtp antispam smtp netmask 255.255.255.255 0 0

#Nothing happens, all smtp traffic appears to go directly to the smtp server, users still getting all emails. Yes, the antispam machine is on and ready to accept incoming smtp traffic.

If the above config looks okay, then I'll try to dig deeper via logs to see what's up.

Thanks in advance for any help.
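
Added example, not part of the original post: a small Python check that reads the `name`, `access-list` and `static` lines quoted above (with the changed static in place) and reports, for each inbound service the ACL permits, which inside host and port a static entry maps it to, or that no static entry covers it. It assumes the PIX 6.3 forms `static (real_if,mapped_if) mapped_ip real_ip` and `static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port`; the function names are hypothetical, and the output reflects only the configuration text, not live firewall state.

```python
import re

# Constructed input: names, part of the ACL and the static lines from the post,
# with the port-redirect static replacing the smtpserver host static.
CONFIG = """\
name 222.222.222.222 antispam
name 222.222.222.333 smtpserver
access-list ACL_OUT permit tcp any host smtpserver eq ssh
access-list ACL_OUT permit tcp any host smtpserver eq pop3
access-list ACL_OUT permit tcp any host smtpserver eq smtp
access-list ACL_OUT permit tcp any host smtpserver eq imap4
access-list ACL_OUT permit tcp any host antispam eq ssh
access-list ACL_OUT permit tcp any host antispam eq smtp
static (inside,outside) tcp smtpserver smtp antispam smtp netmask 255.255.255.255 0 0
static (inside,outside) antispam antispam netmask 255.255.255.255 0 0
"""

def parse_statics(config):
    """Return (host_map, port_map) keyed by the outside (mapped) address."""
    host_map, port_map = {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] != ["static"]:
            continue
        if t[2] in ("tcp", "udp"):
            # static (real_if,mapped_if) proto mapped_ip mapped_port real_ip real_port
            port_map[(t[2], t[3], t[4])] = (t[5], t[6])
        else:
            # static (real_if,mapped_if) mapped_ip real_ip
            host_map[t[2]] = t[3]
    return host_map, port_map

def resolve_acl(config):
    """Map each 'permit <proto> any host <dst> eq <port>' entry to its static target."""
    host_map, port_map = parse_statics(config)
    pat = re.compile(r"access-list \S+ permit (tcp|udp) any host (\S+) eq (\S+)")
    result = {}
    for proto, dst, port in pat.findall(config):
        if (proto, dst, port) in port_map:
            result[(proto, dst, port)] = port_map[(proto, dst, port)]
        elif dst in host_map:
            result[(proto, dst, port)] = (host_map[dst], port)
        else:
            result[(proto, dst, port)] = None  # no static entry for this address/port
    return result

if __name__ == "__main__":
    for (proto, dst, port), target in resolve_acl(CONFIG).items():
        print(f"{proto} {dst}:{port} ->", "%s:%s" % target if target else "no static")
```

With the changed static, only `tcp smtpserver smtp` resolves (to `antispam smtp`); the ssh, pop3 and imap4 entries for `smtpserver` are reported as having no static entry.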








