Watchguard Firebox

Dan

Archived from groups: comp.security.firewalls

Hello All,

I inherited a Watchguard Firebox 700 and I'm getting a list of blocked sites, but these
blocked sites are email servers??

What is the firebox doing to determine to block the site?

Thanks,
Dan
 
Guest

In article <gPgkc.461$Ik.55407@attbi_s53>, flya750@hotmail.com says...
>
> Hello All,
>
> I inherited a Watchguard Firebox 700 and I'm getting a list of blocked sites, but these
> blocked sites are email servers??
>
> What is the firebox doing to determine to block the site?

If the list was not a static list, but one that was detected and
blocked, it was because the FB is set to auto-block sites. If you don't
want those sites blocked then you will need to turn off - auto blocks
sites that attempt to connect.....

I use a hard coded block list that covers most of the non-US sites where
most of the trash comes from and it seems to work well.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

Dan

I have a slight issue...

I have email message headers coming from the internal private IP (email server) shows
the proxied ip address of the firewall external interface.

Can anyone tell me how to configure a NAT for internal smtp server and service that
does not show a public ip address of the external interface proxied. ???

I have a watchguard firebox 700.

thanks,
d

Leythos <void@nowhere.com> wrote:

>In article <gPgkc.461$Ik.55407@attbi_s53>, flya750@hotmail.com says...
>>
>> Hello All,
>>
>> I inherited a Watchguard Firebox 700 and I'm getting a list of blocked sites, but these
>> blocked sites are email servers??
>>
>> What is the firebox doing to determine to block the site?
>
>If the list was not a static list, but one that was detected and
>blocked, it was because the FB is set to auto-block sites. If you don't
>want those sites blocked then you will need to turn off - auto blocks
>sites that attempt to connect.....
>
>I use a hard coded block list that covers most of the non-US sites where
>most of the trash comes from and it seems to work well.
>
>--
>--
>spamfree999@rrohio.com
>(Remove 999 to reply to me)
 
Guest

In article <RvSkc.6654$TD4.683447@attbi_s01>, flya750@hotmail.com
says...
> I have a slight issue...
>
> I have email message headers coming from the internal private IP (email server) shows
> the proxied ip address of the firewall external interface.
>
> Can anyone tell me how to configure a NAT for internal smtp server and service that
> does not show a public ip address of the external interface proxied. ???
>
> I have a watchguard firebox 700.

If I understand you correctly, you have an internal mail server and when
sending email to external servers you don't want your external IP
address to show? If I understand, then you can't do it through the
firewall, it's going to show the public address, it could not
communicate with the other server without the other server knowing the
public IP - they handshake communications, so it has to know the "real"
address of the server.

If you don't mind, why do you care if people know where the email came
from? In most cases, if the email IP address doesn't resolve properly
it's almost certainly spam or other junk mail - even viruses from
private users' compromised machines. RBL lists and RDNS are a good thing.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Guest

It's not that I want my external ip address not to show... It's just that
the one that shows is the external ip address of the external interface of
the firewall. Not the 1 to 1 NAT that I configured for the email server.

Thanks for your response,
Dan

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1afdc150eeac70b798a496@news-server.columbus.rr.com...
> In article <RvSkc.6654$TD4.683447@attbi_s01>, flya750@hotmail.com
> says...
> > I have a slight issue...
> >
> > I have email message headers coming from the internal private IP (email server) shows
> > the proxied ip address of the firewall external interface.
> >
> > Can anyone tell me how to configure a NAT for internal smtp server and service that
> > does not show a public ip address of the external interface proxied. ???
> >
> > I have a watchguard firebox 700.
>
> If I understand you correctly, you have an internal mail server and when
> sending email to external servers you don't want your external IP
> address to show? If I understand, then you can't do it through the
> firewall, it's going to show the public address, it could not
> communicate with the other server without the other server knowing the
> public IP - they handshake communications, so it has to know the "real"
> address of the server.
>
> If you don't mind, why do you care if people know where the email came
> from? In most cases, if the email IP address doesn't resolve properly
> it's almost certainly spam or other junk mail - even viruses from
> private users' compromised machines. RBL lists and RDNS are a good thing.
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)
 

john

Make sure you set the IP address (internal one) in the exceptions tab.
Setting up 1 to 1 nat will allow the translation for inbound, but will
still have it using the public dynamic outbound nat. Put it in the
exception, and it will start showing the IP you've assigned it via
NAT. Just went through this with my new mail server when some places
started doing reverse DNS lookups and it was failing for me since the
outbound IP didn't match my DNS records.

J

On Sun, 02 May 2004 01:14:52 GMT, "flya750"
<flya750@hotmail.DELETE.com> wrote:

>It's not that I want my external ip address not to show... It's just that
>the one that shows is the external ip address of the external interface of
>the firewall. Not the 1 to 1 NAT that I configured for the email server.
>
>Thanks for your response,
>Dan
>
>"Leythos" <void@nowhere.com> wrote in message
>news:MPG.1afdc150eeac70b798a496@news-server.columbus.rr.com...
>> In article <RvSkc.6654$TD4.683447@attbi_s01>, flya750@hotmail.com
>> says...
>> > I have a slight issue...
>> >
>> > I have email message headers coming from the internal private IP (email server) shows
>> > the proxied ip address of the firewall external interface.
>> >
>> > Can anyone tell me how to configure a NAT for internal smtp server and service that
>> > does not show a public ip address of the external interface proxied. ???
>> >
>> > I have a watchguard firebox 700.
>>
>> If I understand you correctly, you have an internal mail server and when
>> sending email to external servers you don't want your external IP
>> address to show? If I understand, then you can't do it through the
>> firewall, it's going to show the public address, it could not
>> communicate with the other server without the other server knowing the
>> public IP - they handshake communications, so it has to know the "real"
>> address of the server.
>>
>> If you don't mind, why do you care if people know where the email came
>> from? In most cases, if the email IP address doesn't resolve properly
>> it's almost certainly spam or other junk mail - even viruses from
>> private users' compromised machines. RBL lists and RDNS are a good thing.
>>
>> --
>> --
>> spamfree999@rrohio.com
>> (Remove 999 to reply to me)
>
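John's diagnosis above (1-to-1 NAT only rewrites inbound traffic; outbound mail still leaves via the dynamic NAT address, so reverse DNS checks fail) can be verified from the headers an outside MTA records. The following is an added example, not code from the thread: it pulls the relay addresses out of Received: headers, finds the first non-RFC1918 one, and checks it against the intended 1-to-1 NAT address and a forward-confirmed reverse DNS table. All hostnames, addresses and the DNS tables are constructed; RFC 5737 documentation ranges stand in for public addresses.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample as an outside MTA (mx.example.org) recorded it: the inner
# Received: line shows the private mail server, the outer one shows the address
# the remote side saw (firewall external interface, not the 1-to-1 NAT address).
SAMPLE_HEADERS = """\
Received: from mail.example.net (unknown [203.0.113.1])
\tby mx.example.org with ESMTP; Sun, 02 May 2004 01:10:00 GMT
Received: from mail.example.net (mail.example.net [192.168.10.25])
\tby mail.example.net with ESMTP; Sun, 02 May 2004 01:09:58 GMT
From: dan@example.net
"""

# Constructed stand-in for DNS: only the intended 1-to-1 NAT address has a PTR.
DNS_PTR = {"203.0.113.25": "mail.example.net"}
DNS_A = {"mail.example.net": "203.0.113.25"}

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RECV_RE = re.compile(r"^Received: from \S+ \([^\[]*\[([0-9.]+)\]\)", re.M)

def relay_ips(headers):
    """Source IPs recorded in Received: headers, outermost (most recent) first."""
    return RECV_RE.findall(headers)

def is_rfc1918(ip):
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)

def outbound_public_ip(headers):
    """The first non-RFC1918 relay address is what the outside world saw."""
    for ip in relay_ips(headers):
        if not is_rfc1918(ip):
            return ip
    return None

def fcrdns_ok(ip, ptr=DNS_PTR, a=DNS_A):
    """Forward-confirmed reverse DNS: PTR(ip) gives a name whose A record is ip."""
    name = ptr.get(ip)
    return name is not None and a.get(name) == ip

def check_outbound_nat(headers, expected_ip):
    """Report whether mail left from the 1-to-1 NAT address and passes FCrDNS."""
    seen = outbound_public_ip(headers)
    return {
        "seen": seen,
        "matches_1to1_nat": seen == expected_ip,
        "fcrdns": bool(seen) and fcrdns_ok(seen),
    }
```

For the constructed sample the report shows the external interface address, no match with the 1-to-1 NAT address, and a failed FCrDNS check, which is exactly the symptom described in the thread; after adding the dynamic NAT exception the outer Received: line should carry the 1-to-1 address and both checks pass.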
 

Dan

John,

So in the advanced section of the NAT config add a dynamic NAT exception of
internal_IP:external ?

It says in the Dynamic NAT section that the Dynamic exceptions do not apply to 1:1
NAT ??

But I see no other place for this exception you talk about

Thanks,
Dan

john <john@john.com> wrote:

>Make sure you set the IP address (internal one) in the exceptions tab.
>Setting up 1 to 1 nat will allow the translation for inbound, but will
>still have it using the public dynamic outbound nat. Put it in the
>exception, and it will start showing the IP you've assigned it via
>NAT. Just went through this with my new mail server when some places
>started doing reverse DNS lookups and it was failing for me since the
>outbound IP didn't match my DNS records.
>
>J
>
>On Sun, 02 May 2004 01:14:52 GMT, "flya750"
><flya750@hotmail.DELETE.com> wrote:
>
>>It's not that I want my external ip address not to show... It's just that
>>the one that shows is the external ip address of the external interface of
>>the firewall. Not the 1 to 1 NAT that I configured for the email server.
>>
>>Thanks for your response,
>>Dan
>>
>>"Leythos" <void@nowhere.com> wrote in message
>>news:MPG.1afdc150eeac70b798a496@news-server.columbus.rr.com...
>>> In article <RvSkc.6654$TD4.683447@attbi_s01>, flya750@hotmail.com
>>> says...
>>> > I have a slight issue...
>>> >
>>> > I have email message headers coming from the internal private IP (email server) shows
>>> > the proxied ip address of the firewall external interface.
>>> >
>>> > Can anyone tell me how to configure a NAT for internal smtp server and service that
>>> > does not show a public ip address of the external interface proxied. ???
>>> >
>>> > I have a watchguard firebox 700.
>>>
>>> If I understand you correctly, you have an internal mail server and when
>>> sending email to external servers you don't want your external IP
>>> address to show? If I understand, then you can't do it through the
>>> firewall, it's going to show the public address, it could not
>>> communicate with the other server without the other server knowing the
>>> public IP - they handshake communications, so it has to know the "real"
>>> address of the server.
>>>
>>> If you don't mind, why do you care if people know where the email came
>>> from? In most cases, if the email IP address doesn't resolve properly
>>> it's almost certainly spam or other junk mail - even viruses from
>>> private users' compromised machines. RBL lists and RDNS are a good thing.
>>>
>>> --
>>> --
>>> spamfree999@rrohio.com
>>> (Remove 999 to reply to me)
>>