Two email servers can not communicate inside a PIX

Hi, I am still using PIX firewall; please help to fix the following scenario:

  1. Two domains with two public IP addresses.
  2. Two email servers (hardware), each holding one public domain with public DNS records, so they can communicate with each other easily if nothing special is in the way.
  3. But in my case, these two email servers are behind a PIX 506E; I have to NAT them for protection and for internal users.
  4. They cannot communicate with each other.

From the log, I found that from each server my telnet session just goes out and nothing returns. How can I configure the PIX 506E so that it lets them communicate with each other?

THX a lot

Reply to
bensonlei

Just a guess here, but have you tried "no fixup smtp"?

Reply to
Scott Lowe

the "no fixup smtp" is already there before the issue

Reply to
bensonlei

You can't really do that with a PIX. (one of the things that makes me dislike them overall).

If you have the two SMTP servers on different segments on different ports on the PIX (probably doubtful on a 506E?), you may be able to 'alias' the addressing if your version of code supports it. But the traffic has to traverse two ports on the PIX. It can't hairpin back out the inside port.

The suggested solution is to do this with DNS. You'd implement DNS views, such that when the query for the DNS hostname comes from an internal host on your network, your DNS server returns the internal IP address of the SMTP server that you want to communicate with, such that the workstation/server then doesn't have to traverse the firewall, it talks directly on the inside LAN to the server.

I suspect nowadays the split view is done more with separate DNS servers: the internal one gets configured with local-view addresses for your public zones, even if it isn't authoritative for the global internet. Then all your local hosts/servers point to the internal DNS server that answers with the local view of the data.

Then of course, leave the global view of the DNS to answer with the public IP address of the server, such that everybody else communicates normally like you are now.

Reply to
Doug McIntyre
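The split-view DNS setup Doug describes, written out as an added example (not configuration from anyone in this thread). It assumes BIND 9 and two hypothetical zones, example.com and example.net, each with a mail host; the internal view answers with the servers' RFC 1918 inside addresses, the external view with the public (documentation-range) addresses. The 192.168.x.x and 203.0.113.x / 198.51.100.x addresses are constructed placeholders.

```conf
// named.conf (BIND 9) -- split-horizon views for two mail domains behind a NAT firewall

acl "inside-nets" {
    192.168.1.0/24;     // assumed inside LAN behind the PIX
    127.0.0.0/8;
};

// Internal view: queries from the LAN get inside addresses, so a mail server
// on the LAN talks to the other mail server directly, never via the firewall.
view "internal" {
    match-clients { inside-nets; };
    recursion yes;                     // LAN hosts may use this server as resolver
    zone "example.com" { type master; file "zones/db.example.com.internal"; };
    zone "example.net" { type master; file "zones/db.example.net.internal"; };
};

// External view: everyone else gets the public addresses, as today.
view "external" {
    match-clients { any; };
    recursion no;                      // never recurse for the internet at large
    zone "example.com" { type master; file "zones/db.example.com.external"; };
    zone "example.net" { type master; file "zones/db.example.net.external"; };
};

// --- zones/db.example.com.internal (inside view) ---
// $TTL 3600
// @      IN SOA ns1.example.com. hostmaster.example.com. ( 2024010101 3600 900 604800 300 )
// @      IN NS  ns1.example.com.
// ns1    IN A   192.168.1.2      ; internal DNS server (assumed)
// @      IN MX  10 mail.example.com.
// mail   IN A   192.168.1.25     ; inside address of the example.com mail server
//
// --- zones/db.example.com.external (public view) ---
// $TTL 3600
// @      IN SOA ns1.example.com. hostmaster.example.com. ( 2024010101 3600 900 604800 300 )
// @      IN NS  ns1.example.com.
// ns1    IN A   203.0.113.2      ; public DNS server (assumed)
// @      IN MX  10 mail.example.com.
// mail   IN A   203.0.113.25     ; public (NAT) address of the same mail server
//
// The example.net zone files are built the same way, with 192.168.1.26 inside
// and 198.51.100.26 outside for mail.example.net.
```

To check that the views are being selected as intended, query the same name from an inside host and from outside: `dig @192.168.1.2 mail.example.com A` should return 192.168.1.25, while `dig @203.0.113.2 mail.example.com A` should return 203.0.113.25. Keep the SOA serial of both copies in step when you change a record, otherwise the two views drift apart silently. If you run the views on separate servers instead, as Doug suggests, the internal server simply carries the "internal" zone files and the public server the "external" ones; the mail servers' resolver settings must point at the internal server for the trick to work.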
