Networking Issues

[thorevenge]

Its not often I ask for help but I am exhausted after fiddling with shit for close to half a day.

Scenario

ADSL Modem -> Cisco Router -> Multiport Switch -> Mac OS X Server

Running on the server is the default mail server.

ISP ports - unblocked
Modem ports - unblocked
Server Ports - unblocked

I can telnet into port 25 from an external source. Other open ports on the network all work normally from internally and externally (VNC type stuff). Sending mail to the mailserver for internal (ie localhost) works normally.

But I cannot telnet from internally to the external IP for ports 25, 110 etc.

Any ideas?

[blakat]

I'd suggest that the router is either being smart or dumb; depending on which way you look at it and not providing the route back through itself.

Internal machine -> Lan -> default gateway -> public IP -> internal IP -> Lan -> internal server.

need to make sure that the router isn't blocking/dropping the request

[thorevenge]

Yes, thats similar to what I was thinking

But then the VNC service works from internal IP to external IP (which then routes internally again) so I'm not too sure apart from the fact the VNC and mail servers are different machines.

Both have static internal IPs if that helps.

[blakat]

The machine that the VNC server is running on, is that designated as a DMZ server in the router? That's about the only thing i could think would change the way it handles the routing if everything else is in order; no ACLs etc

[drewbles]

I have a similar setup at home except the ADSL is plugged direction into a Cissco 1721 with ADSL WIC.

Are you using NAT or real world routable IP Addresses? What's the IP Config on your OS X Server (VLAN wise/ Sub interface wise etc)

I'm happy to discuss it offline if you like (I make my living out of networking so rather not bore people on here with it!) It sounds like some kind of mail 'security' but i'm not sure not knowing the full config. Drop me a line if you want more help

[thorevenge]

Hey Drewbles

Well here is the topology if you want it


Billion ADSL (internal IP of 10.xx.xx.xx) -> Cisco 1800 series Fe0 (10.xx.xx.xx).

Cisco 1800 series Fe4 (192.168.xx.xx) -> Switch - > Server (192.168.xx.xx).

The Billion has a static route to send all traffic to the Cisco on the 192 range. Conversely all traffic not destined for 192 range is routed out through the Billion.

The Mail Server I am using is the default for Mac OS X 10.4 which is Cyrus. Default and install. No custom changes.

I can telnet to 25 from the server itself and from within the internal network.

The ISP shows no ports blocked. Have reblocked and unblocked again to be sure.

The Billion has passthrough rules for the mail ports. The Billion also has VNC passthrough rules which currently work from internal and external sources.

The mail server can be telnet'd to from external sources.