
Can't access mail/ftp internally


mike772

Hey everyone, we set up a Firebox X500 as a NAT/firewall. We have a few external IPs, and those are set up to point to our mail server, FTP server & a terminal server.

When outside the network, mail on mail.ourdomain.com points correctly, I can use the imap, outlook webmail, the ftp server and the terminal all using external IPs.

When inside the network I can't get to anything with external IPs or the mail.ourdomain.com. I can get to it with the internal IP just fine.

The main problem right now is laptops/cell phones: when they are on ethernet/wifi internally, the mail is set to mail.ourdomain.com.

How can I make this work going out to the internet and back in to the correct box? What are my options? We are running DHCP and DNS on a Win 2K3 SBS Box.

Thank you
 
Watchguard does not support NAT Loopback to the same network segment, which is what you are experiencing. If your people on the inside were on a different network segment than your servers then it would (should) be able to work; however, since it sounds like you are all on the same segment it will not work. Try to configure one of the other open interfaces on the Watchguard for a different network and plug a laptop in and try to access it via public FQDN.

The best way to do this is to simply create a new DNS zone in AD that mimics your public DNS setup. Inside of this new zone create the required A records so that when your people go to mail.acme.com it will translate to your internal IP address. The same for ftp, www, etc.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
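
The internal DNS override suggested above, as an added example that is not part of the original thread. It uses a variant of that suggestion: one small zone per public hostname instead of a copy of the whole public zone, so the internal server answers only for the names listed and everything else under the domain still resolves through public DNS. Assumptions: `dnscmd.exe` from the Windows Support Tools is installed on the DNS server, `ftp.ourdomain.com` is a hypothetical name for the FTP server, and both IP addresses are constructed placeholders.

```batch
@echo off
rem Added example, not from the thread. Run on the internal DNS server.
rem The addresses below are constructed placeholders: replace them with
rem the LAN addresses of your own mail and FTP servers.
set MAIL_IP=192.168.1.10
set FTP_IP=192.168.1.11

rem One AD-integrated zone per public hostname. The internal server becomes
rem authoritative for these names only, not for all of ourdomain.com.
dnscmd . /ZoneAdd mail.ourdomain.com /DsPrimary
dnscmd . /ZoneAdd ftp.ourdomain.com /DsPrimary

rem "@" is the zone apex, which here is the hostname itself.
dnscmd . /RecordAdd mail.ourdomain.com @ A %MAIL_IP%
dnscmd . /RecordAdd ftp.ourdomain.com @ A %FTP_IP%

rem Local check: clear the resolver cache and confirm the internal address
rem is returned. Repeat these two commands on an internal laptop.
ipconfig /flushdns
nslookup mail.ourdomain.com
```

If the whole public zone is copied internally instead, every public record has to be mirrored and kept in sync, because the internal server will no longer forward queries for names it is authoritative for.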
 
Another option is to write the FQDN and place it on your external facing DNS server with the external IP, and on your internal DNS have it resolve to the internal IP.

And a third way (counting the earlier response) would be to set up your email server in a DMZ and set up a route between the internal zone and the DMZ.
 
I second what unclerico said. Make entries in DNS to imitate what you have externally and it will make your life a lot easier.

I've done it with email, terminal server, polycom, and www.

Chris
IT Manager
Houston, Texas
 