POP3 problems (?) through Cisco NAT (RE: (no subject))

["Loomis, Rip" <GILBERT.R.LOOMIS () saic com>]

Terry--

Looking at all the messages, and given that NAT is
allowing you to "browse the inetrnet and all", is
it possible that you need to specify more of a
hostname then just "mail"?

If I try to telnet to the POP3 port on my home ISP's
mail server I get

shell1:[/mnt/www/clark.net/ri/rip] telnet mail 110
Trying 129.250.37.45...
Connected to corporate.email.verio.net.
Escape character is '^]'.
+OK NTT/Verio POP3 (dfw-mmp4)

but on that system "mail" gets properly looked up
in DNS if only a bare hostname is supplied.  Perhaps
the domain suffixes on your home systems aren't
configured in this way...

> From the same system you're using Outlook Express on,
try the following (this should work from a Command/DOS
prompt):

  telnet mail 110
  telnet mail.myfreakin.isp.net  

substituting your real ISP in the latter command. If the
second one works and the first one fails, then it's
not a security problem (it's a sysadmin problem on
your end).  If *neither* of them gives a successful
connection, then let me know off-list and I'll try to
help.  (In either case I'm pretty sure that this whole thread
was off-topic, although that wasn't obvious at the
beginning.)

HTH--

  --Rip

> -----Original Message-----
> From: Luca Berra [mailto:bluca () comedia it]
> Sent: Monday, 14 January, 2002 19:13
> To: firewall-wizards () nfr com
> Subject: Re: [fw-wiz] (no subject)
>
>
> On Sat, Jan 12, 2002 at 05:21:23PM -0500, Terry Bertrand wrote:
> > I am running a cable network at home which includes a cisco 
> router.  I am 
> > able to access email from my cable provider using outlook 
> express without 
> > the router.  When I include the router which is running NAT 
> as part of the 
> > network I am unable to access mail using outlook.  Does 
> anyone have any idea 
> > as to what sort of access-list I would neet to access mail. 
> I have tried the 
> > following. the configuration of outlook express is
> > out mail port 25
> > in mail port 110
> >
> > access-list 105 permit tcp any any eq smtp (in)
> > access-list 106 permit tcp any any eq smtp (out)
>
> i am lazy, so i will consider all that has been said about 
> ppl who can solve problems
> and ppl who have no clue, and i will counsel you to add rule 
> to every list.
>
> access-list 105 deny ip any any log
> access-list 106 deny ip any any log
>
> then look at the debug on your router.
>
> you will probably find out something interesting about the 
> difference of source and
> destination ports and the fact that a cisco is stateless.
> (btw if you don't even mention pop3 the router won't figure 
> it out by itself)
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards