March 2006:   Messages by [ date ] [ author ] [ subject ]

Back to Mailling list archive



Re: [pplus] Changed to a router - unable to access P+ Do not forget about the secure interfaces

Sender: Oren Yulevitch <ProxyPlusyulevitch.org>
Date: Mar 13 2006, 07:16


First I must say that the problem is solved!
I wrote the e-mail - just to remind people about these setting, which I 
spent 8 hours of debugging on.

Due to the installation of the router I changed the IP addresses of the 
network.
It used to be 192.168.X.X and now it is 10.0.0.X
All worked well - excluding the P+ services.

The problem was security settings. Once I resolved it. Under Security and 
Mail relaying. All became operational again.
Oren

----- Original Message ----- 
From: "Dalibor Toman" <dtomanfortech.cz>
To: <pplusengproxyplus.net>
Sent: Monday, March 13, 2006 12:59 AM
Subject: Re: [pplus] Changed to a router - unable to access P+ Do not forget 
about the secure interfaces


> On Saturday, March 11, 2006 7:46 PM ,
> Oren Yulevitch <ProxyPlusyulevitch.org> wrote:
>
>> Hi,
>>
>> I wrote this e-mail so I decided to send it anyhow.
>>
>> --start of original e-mail
>>
>> I am using P+ as my family mail server.
>> I was working with a BNC network for some time. Worked great - but
>> lack the wireless functionality.
>> I installed yesterday a wireless router (RTA1025W) and I have a few
>> problems.
>>
>> I am able to access all the computer from all the computers on the
>> network. I am able to access the mail server (ports 110, 25) and the
>> admin page (4400) from the same server station.
>>
>> I cannot get into the mail/admin page from any computer on the
>> network.
>
> What do you mean by 'I cannot get' ? - do you see any response from P+? 
> (security problem?) Or there is no response at all? Did you try to use 
> telnet instead of browser to see what happens (telnet ip_of_pc_with_proxy 
> 4400)
> Are there any related messages logged in Proxy+'s Secure log ?  If yes you 
> are using IP which is ano allowed in P+' s security settings - Add it or 
> change the IP range you defined formerly.
>

I did not get any response from the P+ computer. Nothing.
when I used telnet I received no respose.
For 110 port I received an error message saying there is a server error.

>>
>> I disabled all the firewalls I have - no luck.
>> I tried to use port forwarding - no luck.
>>
>> -- end of original e-mail
>>
>> When I tried to send e-mal I received an error - unable to relay
>> message.... this triggered a test into the relay action and from
>> there the way to secured interfaces was short.
>
> If the P+ was the mailer which rejected the message with 'relay not 
> allowed' response you probably need to change your security settings and 
> the 'Enable relayinf for these clients' rule in Mail/SMTP Settings

You are right. Once I fixed that i rememberd the other security settings.
When I looked in the security log I saw the following:
03.11.2006 20:24:11 Insecure request detected: REJECTED - by default (no 
rule allowed the access) [POP3; 10.0.0.2:2136 -> 10.0.0.1:110]
03.11.2006 20:27:49 Insecure request detected: REJECTED - by default (no 
rule allowed the access) [POP3; 10.0.0.2:2182 -> 10.0.0.1:110]
03.11.2006 20:29:47 Insecure request detected: REJECTED - by default (no 
rule allowed the access) [POP3; 10.0.0.3:2917 -> 10.0.0.1:110]

This showed me the way to the security tab and there to Secure interfaces 
and Secure clients.
Once I resolved this - all came back to normal again.

>
> I think the wireless router is running NAT (network address translation) 
> so the IP address of station which connect to the router doesn't matter. 
> The WAN ip of the router is the interesting one - it is the address the P+ 
> will see so you have to add this address into security settings and 
> relaying list.

I do not know about NAT.
Each individual IP matters.
The WAN address is a dynamic one from my ISP. I cannot add it to P+ even if 
I wanted to.
And , there is no need to it.

>
> Regards
> Dalibor Toman
> Fortech Ltd

Thanks,
Oren


References:
Re: [pplus] Changed to a router - unable to access P+ Do not forget about the secure interfaces Dalibor Toman <dtomanfortech.cz> (Mar 13 2006)