Hello 21,
I'm running ASL v.4 in this configuration:
internal network: 172.16.100.0
external interface: 195.250.233.xx4
195.250.233.xx3 (xdsl router)
NETWORK:
*dnat/snat from any to internet_interface SMTP redirect to mailsrv
*dnat/snat from any to internet_interface HTTP redirect to mailsrv
*masq localnetwork in internal_interface
portscan status: active, accept any to any
icmp status: all active / traceroute and ping active
RULES:
1)from any to any drop broadcast
2)from mailsrv to any smtp allow
3)from any to mailsrv smtp allow
4)from any to mailsrv http allow
5)from any to any ping allow
6)from any to any dns allow
7)from my_pc to any telnet allow
PROXIES:
HTTP: active
cache active
allowed net: internal_network, mailsrv, navsrv
allowed services: dns, ftp, http, http, smtp, ping, ldap, squid
auth: local user
allowed user: ( pippo, pluto, paperino.. )
DNS: active
listening on internal interface
allowed in internal_network
forwarding to 195.250.233.15
SMTP: active
accept incoming mail for mydomain.com forwarded to mailsrv
outgoing allowed: mailsrv
block rcpt hack: active
sender addr verification: active
I've got a problem with outgoing connections; from the internal net it seems to ignore the rules!
example:
from my_pc: ping 195.250.233.xx4--> ok
from my_pc: ping 195.250.233.xx3--> request timeout
from my_pc: telnet 195.250.233.xx3 --> unable to open port
from my_pc: telnet external_SMTP_SERVER 25 --> unable to open port
from mailsrv: telnet external_SMTP_SERVER 25 --> unable to open port
Using a single PC directly connected to the internet via modem:
telnet 195.250.233.xx4 25 --> I can telnet to my mailsrv,
but I'm unable to send outgoing mail: "rejected for policy reason"
It seems that ASL blocks outgoing SMTP connections!
mailsrv = Lotus Domino 5.011
Any suggestions?