I'm assuming (as your email isn't clear) that you are using separate IPs for your Internet IP address of the SMTP and Antispam server. If so, this should work if you did a "clear xlate", as you are changing the translation.
-----Original Message-----
From: PIX_Firewall@yahoogroups.com [mailto:PIX_Firewall@yahoogroups.com] On Behalf Of jeffrey_wenzel
Sent: Tuesday, May 23, 2006 1:54 PM
To: PIX_Firewall@yahoogroups.com
Subject: [PIX_Firewall] Port Forwarding/Redirecting
This can't be very difficult to do but damn if I can't get it to work. I have read over and over again every example I've found on the web to no avail.
I've got a PIX 515 v6.3.
Anti-spam device behind firewall.
smtp server behind firewall.
My PIX is up and running with no troubles as is the smtp server (have been for a few years now), we just added the anti-spam device, I know I could do this via DNS and MX records if I have to, but would like to do it with port forwarding/redirecting.
Trying to forward ALL incoming smtp traffic to the anti-spam device which will then either kill spam or forward good mail to the smtp server.
Internet ---incoming traffic----> PIX ---smtp traffic---> antispam ----> smtp server
                                   |
                                   |
                                   V
                           all other traffic
Assume PIX outside IP = 111.111.111.111
Assume antispam IP = 222.222.222.222
Assume smtp server IP = 222.222.222.333
All IPs are static, no dhcp, no nat.
Current config looks like this (some parts removed as not necessary):
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
names
name 222.222.222.222 antispam
name 222.222.222.333 smtpserver
access-list ACL_OUT permit tcp any host smtpserver eq domain
access-list ACL_OUT permit tcp any host smtpserver eq ssh
access-list ACL_OUT permit tcp any host smtpserver eq pop3
access-list ACL_OUT permit tcp any host smtpserver eq smtp
access-list ACL_OUT permit tcp any host smtpserver eq imap4
access-list ACL_OUT permit udp any host smtpserver eq domain
access-list ACL_OUT permit tcp any host antispam eq ssh
access-list ACL_OUT permit tcp any host antispam eq smtp
access-list ACL_OUT permit tcp any host antispam eq domain
access-list ACL_OUT permit udp any host antispam eq domain
access-list ACL_OUT permit udp any host antispam eq ntp
access-list ACL_OUT permit tcp any host antispam eq www
ip address outside 111.111.111.111 255.255.255.252
ip audit info action alarm
ip audit attack action alarm
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
static (inside,outside) smtpserver smtpserver netmask 255.255.255.255 0 0
static (inside,outside) antispam antispam netmask 255.255.255.255 0 0
access-group ACL_OUT in interface outside
#Configed as above all smtp traffic goes to the smtp server as normal and all users get their email with no problems at all (have been for years).
#according to the example at the cisco site I made the following change:
Changed - static (inside,outside) smtpserver smtpserver netmask 255.255.255.255 0 0
to - static (inside,outside) tcp smtpserver smtp antispam smtp netmask 255.255.255.255 0 0
#Nothing happens, all smtp traffic appears to go directly to the smtp server, users still getting all emails. Yes the antispam machine is on and ready to accept incoming smtp traffic.
If the above config looks okay, then I'll try to dig deeper via logs to see what's up.
Thanks in advance for any help.
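
Added example, not part of the thread and not Cisco's or either poster's code: a Python change-review check that parses both forms of the PIX 6.3 `static` command, resolves `name` aliases, and flags when a config edit alters a translation, which is the situation where the reply says a "clear xlate" is needed. The function names are hypothetical and the sample text is constructed from the config lines quoted above.

```python
import re

# Constructed sample: the names and static lines from the post, before and after the change.
BEFORE = """\
name 222.222.222.222 antispam
name 222.222.222.333 smtpserver
static (inside,outside) smtpserver smtpserver netmask 255.255.255.255 0 0
static (inside,outside) antispam antispam netmask 255.255.255.255 0 0
"""
AFTER = BEFORE.replace(
    "static (inside,outside) smtpserver smtpserver netmask",
    "static (inside,outside) tcp smtpserver smtp antispam smtp netmask")

# Two PIX 6.3 forms: "static (in,out) global local" and
# "static (in,out) tcp|udp global gport local lport".
STATIC_RE = re.compile(
    r"^static \(\w+,\w+\) (?:(tcp|udp) (\S+) (\S+) (\S+) (\S+)|(\S+) (\S+)) netmask")

def parse_statics(config):
    """Map (proto, global_ip, global_port) -> (local_ip, local_port), names resolved."""
    names, statics = {}, {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "name":
            names[parts[2]] = parts[1]          # "name <ip> <alias>"
            continue
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        proto, gip, gport, lip, lport, host_g, host_l = m.groups()
        if proto:                               # port redirection form
            key, val = (proto, gip, gport), (lip, lport)
        else:                                   # whole-host form
            key, val = ("ip", host_g, "any"), (host_l, "any")
        statics[(key[0], names.get(key[1], key[1]), key[2])] = (
            names.get(val[0], val[0]), val[1])
    return statics

def review_change(before, after):
    """Diff the static translations; any difference means stale xlates may remain."""
    old, new = parse_statics(before), parse_statics(after)
    removed = {k: v for k, v in old.items() if new.get(k) != v}
    added = {k: v for k, v in new.items() if old.get(k) != v}
    return {"removed": removed, "added": added,
            "needs_clear_xlate": bool(removed or added)}

if __name__ == "__main__":
    print(review_change(BEFORE, AFTER))
```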