WinGate Forums

[rboynton]

Not sure why, but I cannot send email from my email server within my LAN. From the WG server, I can telnet to the target email server port 25 fine. I cannot, however, from any PC within the LAN. All LAN PC's can resolve the target mail.domain.com without problem, so it is not a DNS issue.

There are no restrictions for outbound LAN connections to the internet, or LAN connections to the WG server. What would prevent outbound port 25 connections?

[adrien]

are these clients connecting through WinGate?

Does the SMTP server in WinGate intercept connections?

Otherwise it should work.

Just to clarify - the target server you're connecting to is

a) outside your LAN
b) able to be connected to by WinGate
c) able to be resolved (IP) by clients.

Do the clients get the same IP as WinGate does? Or is WinGate say doing an MX lookup and ending at a different server..

[rboynton]

Yes, the internal mail server is connecting through WG. When testing connectivity, all correctly resolve the target mail server's IP.

[adrien]

So could WinGAte be intercepting it? Did you check interception in the SMTP server?

[rboynton]

Since we do not use the WG mail functionality, I had disabled that service (POP, SMTP, IMAP) long ago.

[adrien]

OK.

so how do the connections show in the activity tab? NAT or something else?

If NAT, does it work for other ports? May need to turn off interception on the WWW proxy to see.

[rboynton]

Well, out of desperation I removed WG from the mix and tied my email server directly to the router. I did this by changing the router's internal IP to be the LAN gateway of the WG server. Outbound email began flowing again. After awhile, I changed the IP's again, and put WG back. Lo and behold, everything started working again.

Ever have one of those days (weeks)?????

[adrien]

might pay to take a look at network traffic with wireshark or something.

Sounds like there's something weird going on with your network, perhaps ARP cache needing refreshing or something.

Do you have any WinGate NAT logs for the trouble period?

Adrien

[rboynton]

might pay to take a look at network traffic with wireshark or something.

I did run a couple of captures, one on the LAN side interface of the WG box. I started a telnet session to a remote mail server on port 25 from my internal mail server. I saw a couple of connection attempts from the server. The captured packets showed the source and destination IP's, but I never saw that it was tagged for port 25 though. Very strange indeed.

Sounds like there's something weird going on with your network, perhaps ARP cache needing refreshing or something.

Yeah, you could say that! That is the issue I've had with testing the WG7 beta. I end up running into something like this that takes everything down. Seems simple enough, just build a separate server, then change IP's to redirect traffic to the new box. In this latest episode, I think that something did not reconfigure properly and it stopped the works. Oh well, if IT were perfect, we'd have to find a new method of employment!

Do you have any WinGate NAT logs for the trouble period?

Sure. Anything in particular you're looking for?

[adrien]

might pay to take a look at network traffic with wireshark or something.

I did run a couple of captures, one on the LAN side interface of the WG box. I started a telnet session to a remote mail server on port 25 from my internal mail server. I saw a couple of connection attempts from the server. The captured packets showed the source and destination IP's, but I never saw that it was tagged for port 25 though. Very strange indeed.

It surely must have set dest port to 25. It would also be useful to capture on the external interface of WinGate to see what it turns into once it's gone through WinGate.

Other things to check are that the dest MAC on the SYN packet (on the LAN side) from the server is correct - i.e. it's actually sending it to the WinGate adapter.

Do you have any WinGate NAT logs for the trouble period?

Sure. Anything in particular you're looking for?

Logs should show NAT connections, and list ports / ips etc.

I'm wondering if perhaps there's a route loop or something weird going on. If you're not seeing anything weird on your lan (you monitoring unfiltered?) then try the external network.