Re: Emails using Gateway IP in header instead of router IP number
- From: "Cliff Galiher" <cgaliher@xxxxxxxxx>
- Date: Mon, 21 Sep 2009 22:14:43 -0600
Even if it is, that shouldn't matter whether the cable modem is bridged or routed. Once the SMTP traffic leaves Exchange, I could route it through a packet-inspecting firewall, a NAT device, another firewall, through a Linux box, through a spam filter appliance, then through an Untangle setup, until it eventually reaches my network edge and onto Comcast's network. Routed vs bridged doesn't matter here.
If the cable-modem is bridged then the public IP is assigned to the next device in the line...the firewall. If it is routed then it should just be pushing TCP packets and not messing with the headers of an SMTP message at all.
So I see two scenarios where this makes sense. The first scenario involves having multiple IP addresses. One assigned to the cable-modem itself and others to edge device(s). In this case, the cable modem, bridged or routed, won't matter. It just needs to route traffic appropriately. So, what can go wrong here?
1) Your Exchange server is set up to send traffic outside via one IP (say the cable-modem) instead of another IP...say the sonicwall. The IP listed in any SPF record needs to match the public IP of the device receiving the traffic from Exchange. So this *could* be misconfigured on the SBS box.
2) If the firewall device itself is configured to forward traffic to the cable modem IP, but the SPF points to the firewall address. Because the firewall is forwarding traffic, the proxy engine may be changing the header information with the cable-modem's IP...which would cause a mismatch. This would be a misconfiguration in the firewall that would need to be addressed.
--
The second scenario is if there is only one IP. Again, bridged vs routed doesn't matter...that only affects which device has the public IP. The cable-modem or the first device *behind* the cable modem. Either way, the SPF record would need to have the public IP provided by Comcast, regardless of the actual device. And again, if the cable-modem is routed, the firewall needs to be configured in such a way that if it does any application-specific scanning or altering (SMTP traffic in this case) that it properly accounts for any IP translations that occur.
-Cliff
"Ace Fekay [MCT]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:e5kUBfzOKHA.504@xxxxxxxxxxxxxxxxxxxxxxx
"Ace Fekay [MCT]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23dv1oczOKHA.4692@xxxxxxxxxxxxxxxxxxxxxxx
"Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23IBEgEuOKHA.4692@xxxxxxxxxxxxxxxxxxxxxxx
Sam <Sam@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I'm running SBS 2003, emails sent to comcast are being rejected.
After investigating and talking to comcast, they said that the email
header sent from server is using the gateway IP number instead of my
firewall IP number.
I have the reverse DNS and mx pointing to the firewall IP number (not
the gateway)
I checked other servers I support with the same sonicwall firewall
setup and the email headers are using the sonicwall static IP as they
should.
We are using qwest for ISP provider.
I'm suspecting that the dsl modem is the cause of this problem!
Any ideas?
Sam
I'm with Ace on this. WTF are they talking about? Ask Comcast to connect you to a higher-level tech who can explain in detail what they're talking about. And send an email to yourself so you can look at the headers.
"Gateway" doesn't have a lot of meaning here. A computer's default gateway is generally the upstream router ...which in your case is the LAN IP of the Sonicwall.
Sometimes I think Comcast has their own terminology, and especially with the explanation they provided Sam, it is definitely unclear what they're talking about. :-)
Wait, it just dawned on me that Comcast may be saying it is coming across their cable modem IP, which IIRC, that's THEIR gateway IP. But if that is the case, that would be a configuration issue on THEIR end. They should instruct or help Sam in setting up the cable modem in Bridge mode so all outbound traffic appears (and will) be coming from the internal router. I remember having to go through something similar to this with a client last year.
Ace
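The check this thread keeps returning to (does the IP the receiving server actually saw appear in the sender's SPF record?), as an added example that is not part of any poster's message. The addresses, host names and SPF record are constructed sample values, and only `ip4:`/`ip6:` terms are evaluated.

```python
import email
import ipaddress
import re

# Constructed sample data (documentation address ranges, not values from the thread).
SPF_RECORD = "v=spf1 ip4:203.0.113.10 -all"   # only the firewall's public IP is published
FIREWALL_IP = "203.0.113.10"
MODEM_IP = "203.0.113.1"                      # hypothetical cable-modem/gateway address

def sample_headers(client_ip):
    """Build a constructed message as the receiving server would store it."""
    return (
        f"Received: from mail.example.com (unknown [{client_ip}])\n"
        "\tby mx.receiver.example with ESMTP; Mon, 21 Sep 2009 22:14:43 -0600\n"
        "Received: from sbs.example.local ([192.168.16.2])\n"
        "\tby mail.example.com; Mon, 21 Sep 2009 22:14:40 -0600\n"
        "Subject: header test\n\nbody\n"
    )

def spf_networks(record):
    """Networks authorised by ip4:/ip6: terms (a, mx, include need DNS and are skipped)."""
    nets = []
    for term in record.split()[1:]:
        m = re.fullmatch(r"\+?(ip4|ip6):(\S+)", term, re.IGNORECASE)
        if m:
            nets.append(ipaddress.ip_network(m.group(2), strict=False))
    return nets

def connecting_ip(raw_message):
    """Client IP from the topmost Received header, the one added by the receiver.
    Lower Received headers were written by the sender's own hosts and are not used."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", received[0]) if received else None
    return ipaddress.ip_address(m.group(1)) if m else None

def check(raw_message, spf_record):
    """Return (IP the receiver saw, whether the SPF record lists it)."""
    ip = connecting_ip(raw_message)
    listed = ip is not None and any(ip in net for net in spf_networks(spf_record))
    return ip, listed

if __name__ == "__main__":
    for label, src in (("via firewall", FIREWALL_IP), ("via modem", MODEM_IP)):
        ip, listed = check(sample_headers(src), SPF_RECORD)
        print(f"{label}: receiver saw {ip}, SPF lists it: {listed}")
```

Run it against the raw source of a test message delivered to a mailbox you control, so the topmost `Received` header is one your own receiving server wrote.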