
October 03, 2006

Email And Firewalls And Bears, Oh My!

"I coulda been a contenda!"

If my legions of loyal fans have been following the exploits of Willie Gaitz, Elderly Boy Genius, they might know that I've been wrestling with the SFI (Small Financial Institution) Exchange Server installation.

Actually, Exchange has behaved itself. Internally, on the inside of our network, all is bliss.

Unfortunately, we have to communicate with the outside world. "Aye, laddie, there's the rub!"

What I have to do is persuade our Cisco PIX 506E firewall to send email traffic, and only email traffic, to our internal spam catcher.

We're a simple network. We have fewer than 100 PCs. Our Exchange server is on the same subnet as our PIX. This should be simple: "Dude! Catch any email and send it to NOSPAM, there to be sent further to EXCHANGE."

So far, I've managed to kill ALL internet access, for everybody.

Twice.

The only thing that saved my bacon was I was able to UNDO what I did in less than 10 seconds.

So far, the commands on the PIX to do email redirection look like this:

static (inside,outside) tcp 12.12.12.12 25 192.168.0.2 25 netmask 255.255.255.255 0 0
conduit permit tcp host 12.12.12.12 eq 25 any

If you parse the above carefully, with a command reference in hand, it makes sense. "Dude! Grab the email and send it ... "
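As an added illustration (not part of the original post, and not a Cisco tool): the two commands above broken into their fields by a small Python parser, with a check that the redirect exposes port 25 and nothing else. The function names and the `allowed_port` parameter are assumptions, and the patterns cover only the command forms shown in the post, with numeric ports.

```python
import re

# Field layout of the two PIX command forms used in the post:
#   static (local_if,global_if) proto global_ip gport local_ip lport netmask mask [max [emb]]
#   conduit permit proto host global_ip [eq port] foreign
STATIC_RE = re.compile(
    r"static \((?P<local_if>\w+),(?P<global_if>\w+)\) (?P<proto>tcp|udp) "
    r"(?P<global_ip>\S+) (?P<global_port>\S+) (?P<local_ip>\S+) (?P<local_port>\S+)"
    r" netmask (?P<mask>\S+)(?: (?P<max_conns>\d+))?(?: (?P<emb_limit>\d+))?$"
)
CONDUIT_RE = re.compile(
    r"conduit permit (?P<proto>\w+) host (?P<global_ip>\S+)"
    r"(?: eq (?P<port>\S+))? (?P<foreign>.+)$"
)

def parse(config):
    """Return (statics, conduits) as lists of field dicts."""
    statics, conduits = [], []
    for line in config.splitlines():
        line = " ".join(line.split())  # normalize whitespace
        m = STATIC_RE.match(line)
        if m:
            statics.append(m.groupdict())
            continue
        m = CONDUIT_RE.match(line)
        if m:
            conduits.append(m.groupdict())
    return statics, conduits

def audit(config, allowed_port="25"):
    """List findings where the exposure is wider than the one forwarded port."""
    statics, conduits = parse(config)
    forwarded = {(s["proto"], s["global_ip"], s["global_port"]) for s in statics}
    findings = []
    for s in statics:
        if s["global_port"] != allowed_port or s["local_port"] != allowed_port:
            findings.append(f"static forwards {s['global_port']}->{s['local_port']}, not {allowed_port}")
        if s["mask"] != "255.255.255.255":
            findings.append(f"static for {s['global_ip']} is not a single-host mapping")
    for c in conduits:
        if c["port"] is None:
            findings.append(f"conduit to {c['global_ip']} permits every {c['proto']} port")
        elif (c["proto"], c["global_ip"], c["port"]) not in forwarded:
            findings.append(f"conduit to {c['global_ip']} port {c['port']} has no matching static")
    return findings

# The two lines from the post, with its placeholder addresses.
POST_CONFIG = """static (inside,outside) tcp 12.12.12.12 25 192.168.0.2 25 netmask 255.255.255.255 0 0
conduit permit tcp host 12.12.12.12 eq 25 any"""
```

Run against the post's two lines, `audit` returns no findings: the conduit is limited to the same host and port that the static forwards.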

BUT... when I plug the appropriate IP addresses in there, and activate it, external internet access goes to hell in a hand basket. Internal works just fine.

I think I'll go sit in the corner, with a bottle of cheap rotgut. Passers-by will shake their heads in sympathy... "Poor fellow. He was normal once, but then he fell afoul of the PIX, and there he sits, an object of pity... swilling cheap rotgut instead of a fine vintage like ours..."

Posted by ward at October 3, 2006 09:43 PM
