Strange Mail Server behavior

  • #360529
    vinced
    Participant

    Folks

    I have an issue with a mail server (10.3.7) running on a Xserve G4 (Dual Ethernet). I have been moving from an old Exchange 5.5 server to a new Mac OS X server and it has been going good. It has been going so good in fact I have finished moving all users (40) to the Mac OS X box and they can hit the box through the internal eno (192.168.0.126) and the external eno1 (66.133.153.243) ports without a hitch. The problem showed up when I tried to redirect the external traffic through our other external port (66.133.153.243, a Netgear firewall) to the internal (192.168.0.126) port of the new mail server. Up to this point we had just port forwarded the 25 port from our Netgear Router/Firewall to our Exchange server (192.168.0.141). I have tried to monkey with the mail server’s firewall, but it only seems to affect the external card (66.133.152.243), not the internal (192.168.0.126). Again, if the sender has an internal address (192.168*) the internal card will accept it, but if the sender has an external IP address, the port forwarding fails.

    Any help would be appreciated, even if ya charge me for it.

    Vince Dolan
    VP of Manufacturing/IT
    Waymar Industries
    14400 Southcross Drive West
    Burnsville MN, 55306
    952 435 7100 ext 242

    #360530
    iztech
    Participant

    Who is your ISP?

    Most ISPs are now blocking port 25 or, as they say, filtering port 25.
    Not sure if this is your problem.

    #360537
    vinced
    Participant

    Our settings are this

    External Connections
    1. 66.133.152.243 (Xserve PCI Ethernet) (works for sending and receiving email, but has no MX record pointing to it)

    2. 66.133.152.242 (Netgear Router/Firewall) (Works with Exchange Server by forwarding port 25 to an internal IP of 192.168.0.141) (Has external MX pointing to it)

    Internal Connections
    1. 192.168.0.126 (Xserve Built in Ethernet port) (works for sending and receiving email from any internal IP, but not when forwarded from the Netgear router firewall) (Has internal MX record pointing to it)

    2. 192.168.0.141 (NT Box housing the crusty old Exchange server) (works fine with Netgear port forwarding)

    My cards are set up as follows

    Internal (NATed)

    IP: 192.168.0.126
    Mask: 255.255.252.0
    Router: 192.168.0.126
    DNS: 192.168.0.125 (Our other Xserve)

    External

    IP: 66.133.152.243
    Mask: 255.255.255.0
    Router: 66.123.234.1
    DNS: Our ISPs

    #360541
    vinced
    Participant

    The public interface is indeed the first on the list. It has both the firewall and the VPN services running on it. The Netgear router/firewall is not very reliable (Locks up) and so eventually will be replaced with either another Router/Firewall appliance or an Xserve. I don’t see any problem with more than one public access point if their respective firewalls are similarly configured (But I could be wrong).

    I wonder however if the internal (Private) interface is configured correctly. Should it be referencing its own IP as a gateway/router or should it be pointing to either its external (Public) interface or the Netgear’s private IP (192.168.0.151)? Is the internal (Private) interface on the Xserve not allowing port forwarding to it from the Netgear because the incoming IPs are from outside its subnet? If so, why does the NT/Exchange box (Which is on the private subnet) work? Is it because the Xserve is getting confused on whether to accept external IPs on its internal (Private) interface or on its External (Public) interface, even if they are directed to the internal port?

    If this is the case, then I will have our ISP redirect the MX record to the new server and forget about port forwarding for now.

    Confused

    #360542
    vinced
    Participant

    Folks

    Could I use the Network Utility’s Netstat command (using the routing table option) to troubleshoot this problem?

    Also I have tried to troubleshoot the issue using the other Xserve that has only a private address (very much like the NT/Exchange server) and it also only accepts info from internal sources, not any from the Netgear port forwarding, whereas the NT/Exchange server does.

    I must be missing something fundamental here.
