Sendmail behind firewall Solaris 9

Similar Messages

• PAT with a single public IP and several servers behind firewall

  Hi,
  New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
  Single static public IP:  16.2.3.4
  Need to PAT several ports to three separate servers behind firewall
  One server houses email, pptp server, ftp server and web services: 10.1.20.91
  One server houses drac management (port 445): 10.1.20.92
  One server is the IP phone server using a range of ports: 10.1.20.156
  Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505. 
  Here is what I have.  Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP?
  ASA Version 8.4(4)1
  hostname kaa-pix
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.1.20.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 16.2.3.4 255.255.255.0
  ftp mode passive
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network server_smtp
  host 10.1.20.91
  object service Port_25
  service tcp source eq smtp
  object service Port_3389
  service tcp source eq 3389
  object service Port_1723
  service tcp source eq pptp
  object service Port_21
  service tcp source eq ftp
  object service Port_443
  service tcp source eq https
  object service Port_444
  service tcp source eq 444
  object network drac
  host 10.1.20.92
  object service Port_445
  service tcp source eq 445
  access-list acl-out extended permit icmp any any echo-reply
  access-list acl-out extended permit icmp any any
  access-list acl-out extended permit tcp any interface outside eq pptp
  access-list acl-out extended permit tcp any object server_smtp eq smtp
  access-list acl-out extended permit tcp any object server_smtp eq pptp
  access-list acl-out extended permit tcp any object server_smtp eq 3389
  access-list acl-out extended permit tcp any object server_smtp eq ftp
  access-list acl-out extended permit tcp any object server_smtp eq https
  access-list acl-out extended permit tcp any object server_smtp eq 444
  access-list acl-out extended permit tcp any object drac eq 445
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  nat (inside,outside) source static server_smtp interface service Port_25 Port_25
  nat (inside,outside) source static server_smtp interface service Port_3389 Port_
  3389
  nat (inside,outside) source static server_smtp interface service Port_1723 Port_
  1723
  nat (inside,outside) source static server_smtp interface service Port_21 Port_21
  nat (inside,outside) source static server_smtp interface service Port_443 Port_4
  43
  nat (inside,outside) source static server_smtp interface service Port_444 Port_4
  44
  nat (inside,outside) source static drac interface service Port_445 Port_445
  object network obj_any
  nat (inside,outside) dynamic interface
  route outside 0.0.0.0 0.0.0.0 16.2.3.1 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  telnet timeout 5
  ssh timeout 5
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  prompt hostname context
  no call-home reporting anonymous

  Thanks Lcambron...I got PPTP to work.  Everything else works fine.  I can access email, access my web server, FTP server, and PPTP server.  However, from the above configuration, I cannot access my DRAC over the internet..The DRAC runs on a different internal server, and over port 445.  So I have th following lines:
  object network drac
  host 10.1.20.92
  object service Port_445
  service tcp source eq 445
  access-list acl-out extended permit tcp any object drac eq 445
  nat (inside,outside) source static drac interface service Port_445 Port_445
  Am I missing something here?  Internally, i can telnet to port 445 on 10.1.20.92, so I know it is listening.  However, externally, i cannot telnet to my external ip address of the ASA through port 445. 
  Thanks

• Issue with Adobe flex data.xml file not reachable from bsp behind firewall

  Hi Gurus,
  I have a problem with the <mx:HTTPService> tag the following is the actual tag,
  <mx:HTTPService
  id="Srv"
  url="data.xml"
  useProxy="false"
  method="POST" result="resultHandler(event)"/>
  When accessed locally I can see the data in the flex as the data.xml can be reached. when the same is accessed from internet behind firewall, the url is entirely different and the .swf file in the BSP page cannot access the data.xml. I cannot give the absolute url in the tag as the BSP page application is accessed differently in different servers. any help on this would be greatly appreciated
  Thanks
  Akbar

  Sorry somehow I missed this question, an even easier way to do this is to allow your Flash movie to "script" ( this is the default behavior for a Flex application ) and then call some javascript to obtain exactly what the page URL is and then go from there to get your data:
  import flash.external.ExternalInterface;
  import mx.utils.URLUtil;
  var
  if(ExternalInterface.available){
       pageURL = ExternalInterface.call("window.location.href.toString");
  // Do whatever you need with the URL here.
       var serverName:String = URLUtil.getServerNameWithPort(pageURL);
  -d

• Adding devices behind firewall

  i have just installed an AirPort Extreme and want to add my thermostat so i can access them remotely.  Do i need to add the MAC address and or IP Address of the thermostats?  How do i do this and where?

  Hi,
  TACACS+ authentication service between Network devices and AAA Server is running on TCP 49. The 2004-5000 port range is only applicable if you need to access ACS Server (for management purposes) from outside/internet. In your case, if you need to access your devices behind firewall from external network, what you need is map your internal network devices with public IP, and open ddesired service port, e.g SSH (tcp 22) on your Firewall outside interface ACL to allow incoming access.
  For your internal devices, you need to have appropriate AAA configuration that point to ACS (e.g TACACS+). In your ACS, set these devices as AAA Client, and configured appropriate IP, secret key and using TACACS+.
  Before you test ssh access from internet/external network, test your SSH access locally. It must be successful to get AAA to authenticate your SSH connection request.
  http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e996.html
  Hope this helps.
  Rgds,
  AK

• ITunes Ver 10.6 Radio will not play behind firewall

  iTunes Ver 10.6 Radio will not play behind firewall while version 10.5 works just fine.
  I uninstalled and reinstalled a fresh version of 10.6 rather than just upgrading and still not working.
  Our Firewall is BlueCoat....
  Works just fine outside the firewall..
  Anyone have any suggestions?
  Thanks in Advance
  david

  Update:
  I also noticed that version 10.5 doesn't prompt for Proxy credentials while version 10.6 does...
  thanks in advance
  d

• SMTP behind Firewall

  We have a sever behind firewall, the SMTP ports are opened on firewall. When the application tries to send mail using java mail API, I get the following error. Anything worng with firewall (or) mail api ?
  javax.mail.SendFailedException: Sending failed;
  nested exception is:
  javax.mail.MessagingException: 530 5.7.3 Client was not authenticated
  at javax.mail.Transport.send0(Transport.java:219)
  at javax.mail.Transport.send(Transport.java:81)

  I think you have made it to the mail server (sounds like exchange). Looks like the server is setup to require authentication on incoming SMTP requests. Look here
  http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_20250036.html
  Of course, I could be wrong and your firewall has a custom message for SMTP traffic which isn't coming from a 'authorized' mail server or a authenicating proxy server.

• Accessing application 11.5.7  through internet and behind firewall

  Hi,
  We are going to install Oracle application 11.5.7 on Sunsolaris 8 on Single Node. We want to access our application through internet i.e www.abc.com/myapplications, is it possible. what are the prerequistes for this.
  And one more thing, our application are going to be behind firewall. what are all the precautions do I need to take before I install.
  Are there any documents in the metalink or in any other website.
  Any help on this is highly appreciated.
  Thanks
  Giri

  shailendra
  in apps when you are connecting to database using sqlplus you should mention the service name too.this could be generally your sid name , for example : system/manager@prod.
  regarding your second query sysadmin is the default username created by apps to carry out the system administration , and this user has number of responsibilities defined , out of which application developer is one such responsibility. so when you login using this username then you have to metion to the apps by what responsibility you want to carry with you.
  if you want to directly login to application developer responsibility ,then create one user and assign him this responsibility. login with this user.
  Any way you have one more default user is there called operations and password is welcome
  hope this will helps you , pls get back with ur comments.
  Note: I request all the working APPS DBA's to share their knowledge in this forum.
  regards
  srinivas

• Wireless printing behind firewall

  Greetings. Since upgrading to 10.5, I am no longer able to wirelessly print behind firewall unless I check "set access for specific services and applications" under system preferences/security/firewall (on computer allowing printer sharing). I would think that I could print after checking "allow only essential services," since printer sharing is on, and this shows in the list of "specific services" allowed. I was hoping that this would be solved after upgrading to 10.5.3, but it is not.
  This applies to all connected USB printers. Router is a Lyksys WRT54GS.
  Although probably unnecessary, I would prefer to use the more secure firewall setting ( "allow only essential services"). Any ideas would be appreciated.

  You need to have the right equipment. You have to put ISP equipment on the DMZ. What you need is an access point that resides on your inside internal network. This AP will associate clients and would place these clients on your internal network. Then you would configure your infrastructure to route the traffic how you wish. The reason you can't do what you want is that an ISP wifi router only has one route it knows..... That is what it knows from the wan port. So all traffic leaves the wan port via the ISP default gateway.
  Posted from my mobile device.

• Configure sendmail client  on solaris 9

  Hi,
  I am facing problem in configuring sendmail client on solaris 9 .I was able to receive mail if I send mail to any indiviual email id but I was unable to send mail to alias group even after run new aliases .
  Regards
  Kumar

  Please post the error message and the sendmail logging so we can see what goes wrong.

• Updates Firmwire behind firewall

  Hii there...
  I have a weak question ..he..he...
  can I update my n70 firmwire if I behind firewall? I mean my firewall doesn't allow/permit the updater software to reach the internet connection...
  The firewall is integrated on server....

  You have to allow your firewall to let the NSU connect to the remote update servers. Without this, you'll just get "Unable to connect to NOL" messages on the software updater. =)

• What are prerequisite for Design Studio Client tool behind firewall?

  Hi Experts,
  Can you tell me what are prerequisites for Design Studio Client tool behind firewall?
  Best Regards,
  Pushkar

  Hi Pushkar,
  In which 'mode' would you like to use the Design Studio Client application. Connected to the BI platform, SAP HANA, etc?
  With kind regards,
  Martijn

• Callback cannot be done if client behind firewall. But WHY?

  I've read a lot of threads regarding callback is not achievable if client is behind firewall. But i couldn't find the DETAILED reason for that. Can anyone explain that?
  Thank,
  Jax

  In order for a server to asynchronously callback a client, it must create an inbound socket connection to the client, to send the message. This is precisely the type of thing a firewall is designed to prevent.
  To receive callbacks, the firewall would have to open a specific port for inbound connections to the client, and the server would have to be aware of this port as well.

• Putting Identity Server behind firewall

  Hi All,
  I have an application running on SunONE app server 7 with agent in order to control authentication and authorization. I would like to put the identity server behind firewall. However, everytime when the agent redirect to identity server to perform login, it redirects directly which user can't access the login page. May I know how can I put the Identity server behind firewall? Must I use web proxy server instead? Any other solution? Thx a lot.
  \Tobey

  Hi, this is Tobey again. I have installed Identity Server 6.1 and a web proxy server 3.6 in front of the Identity Server.
  The web proxy server succeed in reverse proxying all usual applications. However, when I try accessing amconsole through proxy server, the console service always re-direct me to Identity Server host directly. And my client browser is not allow to resolve that hostname.
  What I have configured is setting regular and reverse url mapping in Web proxy server. In Identity server, I have set the fqdn mapping, dns alias, adding one more in server list and cookies domain.
  Any one had experience on putting Identity Server behind firewall? How to solve the hostname problem that redirected by Identity Server service? Thx a lot.
  \Tobey

• RMI Clients behind firewall

  When the RMI client behind firewall tries to access the server the following error is thrown up:
  java.rmi.ConnectIOException: Exception creating connection to: 10.130.12.128; ne
  sted exception is:
  java.net.NoRouteToHostException: Operation timed out: no further informa
  tion
  java.net.NoRouteToHostException: Operation timed out: no further information
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(Unknown Source)
  at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
  at java.net.PlainSocketImpl.connect(Unknown Source)
  at java.net.Socket.<init>(Unknown Source)
  at java.net.Socket.<init>(Unknown Source)
  at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
  ource)
  at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
  ource)
  at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
  at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
  at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
  at sun.rmi.server.UnicastRef.invoke(Unknown Source)
  at RMIFaxServer_Stub.getResult(Unknown Source)
  at FaxTest.main(FaxTest.java:51)

  your client is behind the firewall but the server you're trying to access has an address 10.x.x.x which says that it too is behind a firewall and not on the Internet, or is the server in a DMZ. It sounds more like a networking issue than a java problem at this point. If the server is on some side of a firewall, you may need a some sort of "permit established" config setting added to the firewall. Just a thought.

• Devices Behind Firewall ACS 4.0 Local

  All,
  I just read a post labeled "ACS 4.0 Behind Firewall" and it talked about opening ports 2004 to 5000 to access the ACS server that is behind the firewall. My question is does this same port range apply if you are trying to access and authenticate to a device that is behind a firewall. When I try to access one of my devices that is behind the firewall I can't authenticate through the ACS box so I end up using the local username and password. Can anyone tell me what ports I have to open on the firewall to allow the authetication to go back to the ACS server. Thanks

  Hi,
  TACACS+ authentication service between Network devices and AAA Server is running on TCP 49. The 2004-5000 port range is only applicable if you need to access ACS Server (for management purposes) from outside/internet. In your case, if you need to access your devices behind firewall from external network, what you need is map your internal network devices with public IP, and open ddesired service port, e.g SSH (tcp 22) on your Firewall outside interface ACL to allow incoming access.
  For your internal devices, you need to have appropriate AAA configuration that point to ACS (e.g TACACS+). In your ACS, set these devices as AAA Client, and configured appropriate IP, secret key and using TACACS+.
  Before you test ssh access from internet/external network, test your SSH access locally. It must be successful to get AAA to authenticate your SSH connection request.
  http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e996.html
  Hope this helps.
  Rgds,
  AK