
Watchguard Firebox


Archived from groups: comp.security.firewalls

 

Hello All,

I inherited a Watchguard Firebox 700 and I'm getting a list of blocked sites, but these
blocked sites are email servers??

What is the firebox doing to determine to block the site?

Thanks,
Dan


In article <gPgkc.461$Ik.55407@attbi_s53>, flya750@hotmail.com says...
>
> Hello All,
>
> I inherited a Watchguard Firebox 700 and I'm getting a list of blocked sites, but these
> blocked sites are email servers??
>
> What is the firebox doing to determine to block the site?

If the list was not a static list, but one that was detected and
blocked, it was because the FB is set to auto-block sites. If you don't
want those sites blocked then you will need to turn off - auto blocks
sites that attempt to connect.....

I use a hard coded block list that covers most of the non-US sites where
most of the trash comes from and it seems to work well.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)


I have a slight issue...

I have email message headers coming from the internal private IP (email server) shows
the proxied ip address of the firewall external interface.

Can anyone tell me how to configure a NAT for internal smtp server and service that
does not show a public ip address of the external interface proxied. ???

I have a watchguard firebox 700.

thanks,
d




Leythos <void@nowhere.com> wrote:

>In article <gPgkc.461$Ik.55407@attbi_s53>, flya750@hotmail.com says...
>>
>> Hello All,
>>
>> I inherited a Watchguard Firebox 700 and I'm getting a list of blocked sites, but these
>> blocked sites are email servers??
>>
>> What is the firebox doing to determine to block the site?
>
>If the list was not a static list, but one that was detected and
>blocked, it was because the FB is set to auto-block sites. If you don't
>want those sites blocked then you will need to turn off - auto blocks
>sites that attempt to connect.....
>
>I use a hard coded block list that covers most of the non-US sites where
>most of the trash comes from and it seems to work well.
>
>--
>--
>spamfree999@rrohio.com
>(Remove 999 to reply to me)


In article <RvSkc.6654$TD4.683447@attbi_s01>, flya750@hotmail.com
says...
> I have a slight issue...
>
> I have email message headers coming from the internal private IP (email server) shows
> the proxied ip address of the firewall external interface.
>
> Can anyone tell me how to configure a NAT for internal smtp server and service that
> does not show a public ip address of the external interface proxied. ???
>
> I have a watchguard firebox 700.

If I understand you correctly, you have an internal mail server and when
sending email to external servers you don't want your external IP
address to show? If I understand, then you can't do it through the
firewall, it's going to show the public address, it could not
communicate with the other server without the other server knowing the
public IP - they handshake communications, so it has to know the "real"
address of the server.

If you don't mind, why do you care if people know where the email came
from? In most cases, if the email IP address doesn't resolve properly
it's almost certainly spam or other junk mail - even viruses from
private users' compromised machines. RBL lists and RDNS is a good thing.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)


It's not that I want my external ip address not to show... It's just that
the one that shows is the external ip address of the external interface of
the firewall. Not the 1 to 1 NAT that I configured for the email server.

Thanks for your response,
Dan

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1afdc150eeac70b798a496@news-server.columbus.rr.com...
> In article <RvSkc.6654$TD4.683447@attbi_s01>, flya750@hotmail.com
> says...
> > I have a slight issue...
> >
> > I have email message headers coming from the internal private IP (email server) shows
> > the proxied ip address of the firewall external interface.
> >
> > Can anyone tell me how to configure a NAT for internal smtp server and service that
> > does not show a public ip address of the external interface proxied. ???
> >
> > I have a watchguard firebox 700.
>
> If I understand you correctly, you have an internal mail server and when
> sending email to external servers you don't want your external IP
> address to show? If I understand, then you can't do it through the
> firewall, it's going to show the public address, it could not
> communicate with the other server without the other server knowing the
> public IP - they handshake communications, so it has to know the "real"
> address of the server.
>
> If you don't mind, why do you care if people know where the email came
> from? In most cases, if the email IP address doesn't resolve properly
> it's almost certainly spam or other junk mail - even virus's from
> private users compromised machines. RBL lists and RDNS is a good thing.
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)


Make sure you set the IP address (internal one) in the exceptions tab.
Setting up 1 to 1 nat will allow the translation for inbound, but will
still have it using the public dynamic outbound nat. Put it in the
exception, and it will start showing the IP you've assigned it via
NAT. Just went through this with my new mail server when some places
started doing reverse DNS lookups and it was failing for me since the
outbound IP didn't match my DNS records.

J

On Sun, 02 May 2004 01:14:52 GMT, "flya750"
<flya750@hotmail.DELETE.com> wrote:

>It's not that I want my external ip address not to show... It's just that
>the one that shows is the external ip address of the external interface of
>the firewall. Not the 1 to 1 NAT that I configured for the email server.
>
>Thanks for your response,
>Dan
>
>"Leythos" <void@nowhere.com> wrote in message
>news:MPG.1afdc150eeac70b798a496@news-server.columbus.rr.com...
>> In article <RvSkc.6654$TD4.683447@attbi_s01>, flya750@hotmail.com
>> says...
>> > I have a slight issue...
>> >
>> > I have email message headers coming from the internal private IP (email server) shows
>> > the proxied ip address of the firewall external interface.
>> >
>> > Can anyone tell me how to configure a NAT for internal smtp server and service that
>> > does not show a public ip address of the external interface proxied. ???
>> >
>> > I have a watchguard firebox 700.
>>
>> If I understand you correctly, you have an internal mail server and when
>> sending email to external servers you don't want your external IP
>> address to show? If I understand, then you can't do it through the
>> firewall, it's going to show the public address, it could not
>> communicate with the other server without the other server knowing the
>> public IP - they handshake communications, so it has to know the "real"
>> address of the server.
>>
>> If you don't mind, why do you care if people know where the email came
>> from? In most cases, if the email IP address doesn't resolve properly
>> it's almost certainly spam or other junk mail - even virus's from
>> private users compromised machines. RBL lists and RDNS is a good thing.
>>
>> --
>> --
>> spamfree999@rrohio.com
>> (Remove 999 to reply to me)
>
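
A way to verify the behaviour john describes, as an added example that is not part of the original thread: it reads the peer address a receiving mail server stamped into a `Received:` header, compares it with the mail server's 1:1 NAT address, and then runs the forward-confirmed reverse DNS check that remote sites apply. The addresses (RFC 5737 documentation ranges), hostnames, headers and DNS tables are constructed, and the Postfix/Sendmail-style header layout is an assumption.

```python
import re
import socket

# Constructed sample data: RFC 5737 documentation addresses, hypothetical hostnames.
FIREWALL_EXT_IP = "203.0.113.1"    # external interface (dynamic NAT source)
MAIL_NAT_IP = "203.0.113.10"       # public address of the mail server's 1:1 NAT
BEFORE = ("Received: from mail.example.com (unknown [203.0.113.1])\n"
          "\tby mx.remote.example with ESMTP; Sun, 02 May 2004 01:20:00 +0000")
AFTER = BEFORE.replace("unknown [203.0.113.1]", "mail.example.com [203.0.113.10]")
PTR = {MAIL_NAT_IP: "mail.example.com"}      # constructed reverse zone
A = {"mail.example.com": [MAIL_NAT_IP]}      # constructed forward zone

# Assumed layout: "(rdns-name [ip])" as stamped by the receiving MTA.
PEER = re.compile(r"\(\S*\s*\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")

def source_ip(received):
    """Return the connecting IP recorded by the receiving MTA, or None."""
    m = PEER.search(received)
    return m.group(1) if m else None

def dns_ptr(ip):
    """Live PTR lookup; None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_a(name):
    """Live A lookup; empty list when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_outbound(received, expected_ip, ptr=dns_ptr, a=dns_a):
    """Classify how outbound mail appears to a remote server."""
    seen = source_ip(received)
    if seen is None:
        return "no-peer-ip"
    if seen != expected_ip:
        return "wrong-source-ip"       # still leaving via dynamic NAT
    name = ptr(seen)
    if name is None:
        return "no-ptr"
    if seen not in a(name):
        return "ptr-forward-mismatch"  # PTR name does not resolve back
    return "ok"

if __name__ == "__main__":
    for label, hdr in (("before", BEFORE), ("after", AFTER)):
        print(label, check_outbound(hdr, MAIL_NAT_IP, PTR.get, lambda n: A.get(n, [])))
```

Called without the `ptr` and `a` arguments, `check_outbound` uses the system resolver, so it can be pointed at a header from a real test message.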


John,

So in the advanced section of the NAT config add a dynamic NAT exception of
internal_IP:external ?

It says in the Dynamic NAT section that the Dynamic exceptions do not apply to 1:1
NAT ??

But I see no other place for this exception you talk about

Thanks,
Dan

john <john@john.com> wrote:

>Make sure you set the IP address (internal one) in the exceptions tab.
>Setting up 1 to 1 nat will allow the translation for inbound, but will
>still have it using the public dynamic outbound nat. Put it in the
>exception, and it will start showing the IP you've assigned it via
>NAT. Just went through this with my new mail server when some places
>started doing reverse DNS lookups and it was failing for me since the
>outbound IP didn't match my DNS records.
>
>J
>
>On Sun, 02 May 2004 01:14:52 GMT, "flya750"
><flya750@hotmail.DELETE.com> wrote:
>
>>It's not that I want my external ip address not to show... It's just that
>>the one that shows is the external ip address of the external interface of
>>the firewall. Not the 1 to 1 NAT that I configured for the email server.
>>
>>Thanks for your response,
>>Dan
>>
>>"Leythos" <void@nowhere.com> wrote in message
>>news:MPG.1afdc150eeac70b798a496@news-server.columbus.rr.com...
>>> In article <RvSkc.6654$TD4.683447@attbi_s01>, flya750@hotmail.com
>>> says...
>>> > I have a slight issue...
>>> >
>>> > I have email message headers coming from the internal private IP (email server) shows
>>> > the proxied ip address of the firewall external interface.
>>> >
>>> > Can anyone tell me how to configure a NAT for internal smtp server and service that
>>> > does not show a public ip address of the external interface proxied. ???
>>> >
>>> > I have a watchguard firebox 700.
>>>
>>> If I understand you correctly, you have an internal mail server and when
>>> sending email to external servers you don't want your external IP
>>> address to show? If I understand, then you can't do it through the
>>> firewall, it's going to show the public address, it could not
>>> communicate with the other server without the other server knowing the
>>> public IP - they handshake communications, so it has to know the "real"
>>> address of the server.
>>>
>>> If you don't mind, why do you care if people know where the email came
>>> from? In most cases, if the email IP address doesn't resolve properly
>>> it's almost certainly spam or other junk mail - even virus's from
>>> private users compromised machines. RBL lists and RDNS is a good thing.
>>>
>>> --
>>> --
>>> spamfree999@rrohio.com
>>> (Remove 999 to reply to me)
>>
