12-08-2005 08:43 PM - edited 03-03-2019 11:11 AM
Hi, I have a problem with my WAN IP address, please help me.
Below is my IP:
WAN Connections
Router Serial Port IP (ISP Site) : 203.92.70.121
Router Serial Port IP (Installation site) : 203.92.70.122
Netmask Number : 255.255.255.252
LAN Connections
Network IP address : 203.92.72.32 - 203.92.72.39
Netmask Number : 255.255.255.248
I've configured my email server to use IP 203.92.72.33 and can receive emails successfully.
But when sending out emails, other email servers read my IP as 203.92.70.122, so if the server checks the reverse DNS record against my IP, my mail will be rejected. How can I configure the router to let other people see my IP as 203.92.72.33 ~ 203.92.72.38 instead of my Router Serial Port IP?
12-09-2005 01:37 AM
I get it, its access is denied. But it leads to another problem: now my mails are not able to be delivered. I configured port 25, 110, 53 for mail, is it enough?
12-09-2005 01:43 AM
Hello,
all right, the access list appears to work !
Now, usually, ports 25 and 110 should be enough, but your mail server might be trying to use other ports as well. The best way to find out which these are is by adding the 'log' keyword to the access list:
access-list 100 deny ip host 192.168.1.200 any log
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
and then use the exec command 'term mon' to see which ports are denied:
Router#term mon
If you see ports in the output that are being denied, add a static entry for this port to your configuration, just like the other static entries...
Does that make sense ?
Regards,
GP
12-09-2005 01:56 AM
Thank you so much.
Here's the log, it seems using port 0????
00:52:57: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.168.1.200(0) -> 194.30.193.15(0), 1 packet
00:53:19: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.168.1.200(0) -> 194.30.193.16(0), 1 packet
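An added example, not part of the original posts: a small parser for the %SEC-6-IPACCESSLOGP lines that the 'log' keyword produces, which re-joins entries split by terminal wrapping and separates denied flows that show a real port from entries that show port 0 on both sides. The third sample entry and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Entries 1-2 are the wrapped lines quoted in the thread; entry 3 is constructed.
SAMPLE = """\
00:52:57: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.168.1.200(0) -> 194.30.19
3.15(0), 1 packet
00:53:19: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.168.1.200(0) -> 194.30.19
3.16(0), 1 packet
00:54:02: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.168.1.200(1042) -> 198.51.100.7(25), 3 packets
"""

ENTRY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def unwrap(text):
    """Re-join entries that a fixed-width terminal split across two lines."""
    entries = []
    for line in text.splitlines():
        if "%SEC-" in line or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += line.strip()  # continuation of the previous entry
    return entries

def summarize(text):
    """Return (flows, no_port): denied packet counts per (src, dst, proto,
    dport), and the number of denied entries with port 0 on both sides."""
    flows, no_port = Counter(), 0
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m or m["action"] != "denied":
            continue
        if m["sport"] == "0" and m["dport"] == "0":
            # The entry does not say which service was blocked.
            no_port += 1
            continue
        flows[(m["src"], m["dst"], m["proto"], int(m["dport"]))] += int(m["count"])
    return flows, no_port

if __name__ == "__main__":
    flows, no_port = summarize(SAMPLE)
    for (src, dst, proto, dport), pkts in flows.most_common():
        print(f"{src} -> {dst} {proto}/{dport}: {pkts} packets denied")
    print(f"{no_port} denied entries logged port 0 on both sides")
```

IOS typically logs port 0 when the matching ACE does not test Layer 4 ports, as with the 'deny ip ... log' line above; an ACE written for tcp with an explicit port range makes the router record real port numbers.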
12-09-2005 02:16 AM
Hello,
you would usually see that when somebody, or something, is doing a port scan on your network...
Is that the entire output you get when you are trying to send email ?
Regards,
GP
12-09-2005 02:30 AM
Yes, that's all I get, and the mail server cannot connect to the internet at all. But it can still get incoming messages.
12-09-2005 02:41 AM
Hello,
I wonder if the mailserver is somehow trying to use random ports for sending mail...what kind of server do you have anyway (e.g. Exchange) ?
Regards,
GP
12-09-2005 04:07 AM
I'm using magic win mail.
From all these points, I figured out the following:
"access-list 100 deny ip host 192.168.1.200 any" this command denied all outgoing packages.
"ip nat source static...." this list opens ports for incoming packages only. So when the outgoing is blocked, the server is still receiving email but cannot send, I think this proves.
I used "netstat -an" on my mail server to see the established connection, it shows that my mail server is attempting to connect 25, means it's using standard port 25 to send, but the router translates this outgoing package using PAT, so that it is having the IP 203.92.70.122
How can I make all the server ports go out using IP 203.92.72.33 but restrict incoming to certain ports?
The "deny any" command blocked everything, any other solution? GP, please help me, I know you can do it.
Please, if I can't solve it by today, my boss sure will be yelling on Monday... because his mail is queueing and waiting for retry...
12-09-2005 04:35 AM
Is it IP overload? Can I config multiple IP overload?
12-09-2005 05:39 AM
Do you have a firewall, or a firewall-like device, between the router and mail server by any chance?
12-09-2005 05:42 AM
No, I don't have.
12-09-2005 07:09 AM
Hi,
just so you're aware, here is some important documentation on securing Cisco routers
http://www.cisco.com/warp/public/707/21.html
Best Regards
Peter
12-11-2005 08:31 AM
Peter,
why would you post this here ? The problem is with his email, not with security.
Regards,
GP