Koozali.org: home of the SME Server

Server Gateway mode

Ed Burgstaler

Server Gateway mode
« on: June 12, 2003, 09:40:33 AM »
Can someone tell me if the SME server can be run in server gateway mode without having the users access their email via the internal nic but rather through the external interface?
I have a situation where I am replacing an existing old BSD box on a network with 3-subnets and 3-BSD firewalls separating them. The previous netadmin had things set up pretty tight & secure with all kinds of rules in the pf.conf and nat.conf files which allowed the users only to access their mail through the external side of the mail server. The old mail server didn't even have an internal nic.
So here is my dilemma ... when I plop in the SME server as I normally would do, no one can send or receive email ... not a good thing! :(
I thought things would be pretty straightforward but not so. I tried setting it up in server only mode but of course that did not work...
Does anyone have any ideas as to how I can get this to work?

BTW: When I did have the SME server set up on the network I was able to access it on the local segment via webmail and when I set the email client's smtp server to reflect the internal interface it seemed to go but it was not received by the intended recipient and sort of went into never-never land. Also I was able to access through telnet from the outside but not through webmail.

Guck Puppy

Re: Server Gateway mode
« Reply #1 on: June 12, 2003, 11:41:36 AM »
Good lord... can you draw us a picture? (seriously, I cannot visualize your network.. what is LAN and what is WAN? firewalls between subnets? LAN subnets?)

G

Ed Burgstaler

Re: Server Gateway mode
« Reply #2 on: June 12, 2003, 07:24:41 PM »
Basically it's like this ...

There are 3 different subnets on the internal side. We have an Internet connection coming in that goes through the first firewall (Bridge) which is connected to nic1 on the Internet side and has a second nic2 connected to a fake internal network on firewall number two.
There is a third (Main) firewall router that has 4 network cards, one nic for each of the 3-internal subnets and the fourth card that connects to the internal fake network side of firewall (basically a fourth subnet). This firewall controls all traffic between subnets and to the Internet.

Now as I stated earlier each of the firewalls has its own packet filtering config file and NAT config file with a ton of rules and redirects.
The old mail server only had an external live IP interface with no internal nic.
The SME that I'm trying to get setup has both an internal and external nic and I think that herein lies the problem.
The SME has the same external IP that the old mail server had and when connected the outside world can connect seemingly fine but no one on the internal side can send or receive mail through the internal interface of the SME server and I think it's because it's being filtered by the firewalls somewhere.
See, before, the users were sending and receiving mail via the external side; now they are sending and receiving via the internal side.
I know that if for example I got rid of the firewalls everything would be peachy but that's not an option.
Hope this helps. Any ideas?

Walter Padgett

Re: Server Gateway mode
« Reply #3 on: June 12, 2003, 08:08:31 PM »
Good Morning,

Are you sure your problem isn't within the email program you're using? Have you changed your email program settings to look at the internal SME address or is it still looking at the external address/name? If it is looking at the external name of the server, just plop down a hosts file on each of the workstations and have the name resolve to the internal address. The reason I recommend this is because you can also download a hosts file from various websites that point the ad-ware/spy-ware popups to an internal web page to reduce WAN bandwidth usage. This way you're killing two birds with one stone.

I have not found a way to route to the external ip address of the SME box from the internal network since I began using SME when it was still E-Smith v3.x.

Hope this helps,

Wally

Ed Burgstaler

Re: Server Gateway mode
« Reply #4 on: June 12, 2003, 08:50:09 PM »
I wish it were that easy Wally .... it's not a hosts file problem since I did change the users' client to send via the internal IP, not host name.

steve

Re: Server Gateway mode
« Reply #5 on: June 13, 2003, 01:59:15 AM »
Sounds like you should be able to set it up in server only mode and set it up exactly like the previous email server (same IP address, logical location, etc.).
Would that not work?
steve

Ed Burgstaler

Re: Server Gateway mode
« Reply #6 on: June 13, 2003, 06:40:10 AM »
Yes, I think that would work Steve but the problem is that in server only mode you can't specify a gateway address and it must not be designed for a subnetted network. If there were a workaround for this then it may be possible to simulate the previous setup. Do you know anyone else who may have full email and web services running in server only mode? Thanks

Brent

Re: Server Gateway mode
« Reply #7 on: July 06, 2003, 06:58:13 PM »
Ed,

I run SME 5.6 at work as our mail server in server-only mode. It has one NIC in it, is routed through a SnapGear firewall/VPN router (gateway) and works fine. Our users have their SMTP and POP3 server set to the internal IP of the SME server for sending and receiving mail. We do not have webmail enabled, and only one travelling user accesses the SME server through its external IP address (via the SnapGear).

We don't have nearly as complicated a network as you do, however. We essentially run from our ADSL modem, into the SnapGear, into the ethernet switch, and from there to all machines in the network, including the mail server. We've never had a problem sending or receiving mail in this manner.

It's possible a similar setup wouldn't work for you, as your complicated firewall rules might prevent things from crossing subnets.  Do all users on all subnets have this problem?  What about users on the same subnet as the SME server?