  1. #1
    Newbie
    Join Date
    Mar 2010
    Posts
    11

    UT filtering incoming email

    I have a new installation of Untangle with only the Spam and Phish blockers loaded and configured. I have configured the port forward to the internal mail server (Postfix). The UT server is sitting in a Cisco ASA DMZ and the mail server is sitting on the inside network. The UT server is in routing mode with a DMZ address on the External interface and an inside address on the Inside interface (same subnet as the mail server).

    Internet -> ASA -> UT -> Postfix

    Cisco has verified that the SYN packets are making it through the firewall to the UT server but there is no ACK coming back.

    I can't believe it is this difficult to set up. I have 2 other Untangle servers that have been up and running like champs for the past 2 years. Why is this one giving me fits?

    Port forward
    Source interface: External
    Protocol: TCP
    Destination port: 25
    New destination: (ip of postfix server)

    Under Advanced->General, I unchecked the Only NAT WAN traffic:

    Packet Filter
    Action: Pass
    Source interface: External
    Destination port: 25
    Protocol: TCP

    I haven't changed any other settings.

  2. #2
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    2,989

    Your mail server is using the Untangle as its default gateway? And why did you uncheck Only NAT WAN traffic?
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.

  3. #3
    Newbie
    Join Date
    Mar 2010
    Posts
    11

    1) No, the default gateway is not using untangle as its default gateway. I thought about that since I had seen numerous posts regarding the default gateway, so I changed the mail server's default gateway to be the untangle server, but no go.

    2) It was a guess on my part. I have tried with NAT wan traffic checked and unchecked.

  4. #4
    Master Untangler
    Join Date
    Aug 2011
    Location
    Buckhannon, WV
    Posts
    121

    Sounds like a classic routing issue. You will want to set the default gateway of your mail server to be the untangle box or else outbound packets will never go back through untangle and the TCP handshake will never complete.

    Make sure that you can browse the internet from the Untangle box. Make sure that after you set the default gateway on the mail server that you still get outbound internet access from that server. If you experience trouble you will want to use traceroute to determine where packets might be getting lost.

  5. #5
    Newbie
    Join Date
    Mar 2010
    Posts
    11

    Thanx. Took a bit of reconfiguring the mailserver with static routes for all of our internal subnets and multiple changes to the firewall but it appears to be passing traffic. I have tested all the ports and they all connect.
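
The return-path problem from posts #4 and #5, modelled as an added example that is not part of the thread: it does a longest-prefix lookup on the mail server's routing table and checks whether the reply to an external sender leaves through the box that did the port forward. All addresses and the "old gateway" are constructed assumptions, and it assumes the port forward rewrites only the destination, so the mail server sees the sender's real address.

```python
import ipaddress

ON_LINK = "on-link"  # marker for directly connected networks (no gateway)

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw)
    return best[1] if best else None

def reply_returns_via(routes, client_ip, forwarder_ip):
    """True when the server's reply to client_ip leaves through the forwarding box.

    A port forward rewrites the destination on the way in, so the SYN-ACK must
    pass back through the same box to be un-translated; otherwise the client
    never sees a matching reply and the handshake stalls after the SYN.
    """
    return next_hop(routes, client_ip) == forwarder_ip

# Constructed addresses (assumptions, not taken from the thread).
UT_INSIDE = "10.0.1.2"        # Untangle inside interface
OLD_GATEWAY = "10.0.1.1"      # gateway the mail server used originally
CLIENT = "203.0.113.25"       # external SMTP sender
INTERNAL_HOST = "10.0.20.15"  # host on another internal subnet

# Before: the default route bypasses Untangle.
BEFORE = [("10.0.1.0/24", ON_LINK), ("0.0.0.0/0", OLD_GATEWAY)]
# After: default route via Untangle; static routes keep internal subnets reachable.
AFTER = [("10.0.1.0/24", ON_LINK), ("10.0.20.0/24", OLD_GATEWAY),
         ("10.0.30.0/24", OLD_GATEWAY), ("0.0.0.0/0", UT_INSIDE)]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, "reply to client via", next_hop(table, CLIENT),
              "| returns through Untangle:", reply_returns_via(table, CLIENT, UT_INSIDE))
    print("internal host via", next_hop(AFTER, INTERNAL_HOST))
```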
