Topic: no LAN-smtp behind a firewall

[contribpsc]

Hi there,
I have a SME server placed in a DMZ (10.0.0.0/24)behind a (fortigate) firewall.
I can reach the SMTP from WAN and DMZ, I can reach POP3 from LAN but I cannot reach SMTP from LAN!

I have a LAN net of 192.168.96/20! (255.255.240.0) and added this as local-network to the SME as to access the server-manager from LAN. (AmaVis added 16 c-class relay subnets in /etc/tcprules/tcp.smtp. ProFtpd mentioned the same 16 subnets.) The FW-rules naturally include port 25 from LAN.

Anyone familiar with this problem??
Thanks!

[kruhm]

sounds like another dsn/firewall problem.

How are your trying to reach the smtp? Through mail.server.com? Depending on your dns setup this may return the local address or it may go out of your network then back in. Your firewall may/maynot allow this.

If you are using the netbios name, SMESERVER,  to reach smtp, it should work without problems.

[contribpsc]

FW rules are setup to allow port 25 from both LAN and WAN.
The FW is designed to redirect a LAN request to a FQDN directly to DMZ *without* going to WAN first. Even if I use the internet IP number the FW will 'know the way' (Reaching POP3 from LAN, while WAN access is forbidden, proves it)
I tried (from LAN) to 'telnet mail.domain.com 25', 'telnet mail 25': both invain.

At least, seemed to be invain....
I must have been too impatient. Because I wanted to know the real return value of the smtp session, I decided to 'sit it out' and wait for the proces to time-out (it took over 3 minutes!). It then neatly prompted with 220 ... ESMPT !
It looks I have some kind of DNS error instead (or something else with smtpfront-qmail), and *not* a FW issue.
If I cannot figure it out, I'll be back (you're welcome ofcourse if this is a piece-of-cake for you)

Thanks for directing me to do more testing.