[afnog] PIX Configuration Issue

Brian Candler B.Candler at pobox.com
Wed Jun 22 14:27:21 EAT 2005


On Wednesday 22 June 2005 12:09, Julius Kidubuka wrote:
> When I do try to send mail to say, juki at one2net.co.ug, I get the error
> message as below:
>
> 'juki at one2net.co.ug' on 6/22/2005 12:55pm
> 550 5.7.1 <juki at one2net.co.ug>... Relay denied. IP name lookup failed
> [192.168.0.55]
>
> From this, I do see that the address, 192.168.0.55, is the global pool
> address that is assigned to the client PC (192.168.10.79) from which the
> mail is trying to be sent. This is shown after running the following
> command off the PIX;
>
> pixfirewall#sh xlate
> Global 192.168.0.55 Local 192.168.10.79
>
>
> This scenario to me means that the MUA (which in this case is MS Outlook)
> is trying to send the mail via the global pool address, i.e. 192.168.0.55,
> and not the mail server (192.168.0.5) yet in my server settings (in MS
> Outlook), I have specifically set the pop3 and smtp servers to point to
> 192.168.0.5.

Incidentally, that's a good example of the confusion which NAT can cause. 
What's actually happening is:

192.168.10.79             192.168.0.5:25
client ------------------------->

As it goes through the NAT, the source address is changed:

192.168.0.55              192.168.0.5:25
client -------------------------> server

Hence the server believes the connection is from 192.168.0.55, and that's the 
IP address it puts in its error message and in its log files.

B.
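
As an added example (not part of the original message), one way to trace the address in the mail server's rejection back to the inside client, using `sh xlate` output like that quoted above. The function names, the second translation entry and the one-line `Global X Local Y` format are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample input, modelled on the output quoted in the thread.
XLATE_OUTPUT = """\
pixfirewall#sh xlate
Global 192.168.0.55 Local 192.168.10.79
Global 192.168.0.56 Local 192.168.10.80
"""
SMTP_ERROR = ("550 5.7.1 <juki at one2net.co.ug>... Relay denied. "
              "IP name lookup failed [192.168.0.55]")

XLATE_RE = re.compile(r"^Global\s+(\S+)\s+Local\s+(\S+)", re.MULTILINE)
BRACKETED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_xlate(text):
    """Return {global_address: local_address} from 'sh xlate' style lines."""
    table = {}
    for glob, local in XLATE_RE.findall(text):
        try:
            table[str(ipaddress.ip_address(glob))] = str(ipaddress.ip_address(local))
        except ValueError:
            continue  # a field was not an IP address; ignore the line
    return table


def peer_seen_by_server(message):
    """Extract the bracketed peer address the mail server reported."""
    m = BRACKETED_IP_RE.search(message)
    return m.group(1) if m else None


def real_client(message, xlate_text):
    """Map the address the server logged back to the inside host.

    Returns (seen, local). local is None when no translation slot matches,
    for example because the slot has expired or the peer was never translated.
    """
    seen = peer_seen_by_server(message)
    if seen is None:
        return None, None
    return seen, parse_xlate(xlate_text).get(seen)


if __name__ == "__main__":
    seen, local = real_client(SMTP_ERROR, XLATE_OUTPUT)
    print(f"server saw {seen}; inside host is {local}")
```

The translation table has to be captured close to the time of the logged event, since a dynamic global address can be handed to a different inside host later.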


