Firewalls: Re: Guantlet Firewall

Firewalls
(October 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Guantlet Firewall
From:	Ken Kempster <kempster @ monarch . rnb . com>
Date:	Mon, 21 Oct 1996 10:51:34 -0400 (EDT)
To:	lresch @ nswc . navy . mil
Cc:	Firewalls Mailing List <firewalls @ GreatCircle . com>
Comments:	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comments:	Internet Message: Sender identity is not varified.
Comments:	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In-reply-to:	<9610211147 . AA24803 @ oanews>

On Mon, 21 Oct 1996 lresch @
 nswc .
 navy .
 mil wrote:

>   I have a specific question about the use of the Guantlet
> firewall.  We have the firewall protecting our internal
> network from the protected network of our organization and we
> are trying to pass mail through the firewall.  Our registered
> domain name is the same as the organization (inside we are using
> unregistered/unroutable IPs ....) but we seem to run into the snag
> that if we use the registered domain for accepting/forwarding
> mail from our internal gateway to the organizations mail relay,
> the mail gets bounced back to us by the firewall -- it seems that

What is the error message on the header of the mail that
is bounced?   If the error is something like 'User unknow'
then it is a problem with the way you have your mailer package
configured on your internal gateway.   Try doing this:
mailx -v user @
 dom .
 ain or mail -v user @
 dom .
 ain; whichever works,
 execute this from the command line of your internal mail gateway
and this will give you the output of the exact communications
that is happening between your internal gateway and your firewall.
Make shore that your internal gateway is not rewriting your reply
addresses to user @
 firewall .

If you are getting bouncing mail between your internal gateway and the
firewall, make shore that the SMTP mail configuration on the Gauntlet box
is correct;  the name and the IP address to forward internal mail.

> the firewall doesn't know that mail addressed to the organization
> from the inside should be let out and that mail addressed to us/the 
> organization from the outside should be let in....
>   Does anyone know of a way to have the firewall pass mail from the
> outside (ie forwarded by the mail relay) to our internal mail
> gateway and to pass mail from the inside to the mail relay
> independent of the address?  (Right now we are using a 
> different domain name for our firewall so it can distinguish
> the inside/outside mail -- but the mail relay does not recognize
> the name and drops the mail ....  grrrrr)
>   Thanks for any assistance, sorry for any wasted bandwidth...
> 
> +----------------------------------------------------+
> |                    Larry Resch                     |
> |               lresch @
 nswc .
 navy .
 mil                 |
> |                                                    |
> | My thoughts are mine alone, and do not necessarily |
> |   reflect the thoughts of those for whom I work.   |
> +----------------------------------------------------+
> 

----------------------------
Ken Kempster
Republic National Bank
kempster @
 monarch .
 rnb .
 com
----------------------------

References:

Guantlet Firewall
From: lresch @ nswc . navy . mil

Indexed By Date	Previous:	RFC1627 From: peter @ baileynm . com (Peter da Silva)
Indexed By Date	Next:	re: IP addresses From: "Jim Leo" <ADMIN @ everett . pitt . cc . nc . us>
Indexed By Thread	Previous:	Guantlet Firewall From: lresch @ nswc . navy . mil
Indexed By Thread	Next:	Escalation Procedures From: Rey LeClerc/New York/ACMC <Rey_LeClerc @ ACML . COM>