Re: error with the Outlook Express and iptables with the nat and packet filtering

On Thursday 05 December 2002 06:13 pm, Administrador de Red wrote:
> Hi friends, I have a big problem with the iptables and you
> rules, I want to do a NAT with the packet filtering but
> when I try to access my mail with Outlook Express I
> can't send and receive, OE asks me for a login and
> password, and shows the following error
>
> There was a problem logging onto your mail server. Your
> Password was rejected. Account: 'mail.gecyt.cu', Server:
> 'mail.gecyt.cu', Protocol: POP3, Server Response: '-ERR
> your network does not have access to this account', Port:
> 110, Secure(SSL): No, Server Error: 0x800CCC90, Error
> Number: 0x800CCC92
>
> What is the problem? Can someone help me?
> Thanks very much.

If the OE client receives this error then the communication through the 
firewall/NAT is working properly, since it is able to get the request to 
the server, and receive a reply from it.  The actual text of the error 
('your network does not have access to this account') makes me suspect a 
cause.  My suspicion is this (cheating, in that I looked at the rules in 
your next post :^):
You DNAT the packets to forward them to the server.  You SNAT them as 
well, so that they return to your firewall for reverse handling.  The IP 
address of the firewall box (the one that the SNAT is putting in as the 
source IP on the requests) is not recognized as part of the appropriate 
IP range that the user account is expected to connect from, and the 
server is refusing to allow it.  Quite a few ISPs do this now on SMTP, 
as an anti-spam measure; I've rarely seen it for POP3 though.

Is this an email server that you control?  If so, or if you can influence 
someone who can, check the configuration to see if it is restricted in 
this manner.  If it is, see if the restriction can be modified to 
recognize the public IP that you use in your SNAT.  If not, I'm not sure 
what can be done. :^(

j
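
Added example, not part of the original message: one way to confirm the diagnosis above from the firewall's connection-tracking table, by reading which source address the mail server actually sees for each POP3 flow and checking it against the range the server accepts. The sample lines are constructed in the style of `conntrack -L` output, and every address, the accepted range and the function name `pop3_flows` are assumptions.

```python
import ipaddress
import re

# Constructed sample in the style of `conntrack -L` output; all addresses are
# placeholders, not values from the thread.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1034 dport=110 src=10.0.0.25 dst=10.0.0.1 sport=110 dport=1034 [ASSURED] mark=0 use=1
tcp      6 431991 ESTABLISHED src=192.168.1.11 dst=10.0.0.25 sport=1040 dport=110 src=10.0.0.25 dst=192.168.1.11 sport=110 dport=1040 [ASSURED] mark=0 use=1
tcp      6 117 TIME_WAIT src=192.168.1.10 dst=198.51.100.7 sport=1050 dport=80 src=198.51.100.7 dst=192.168.1.10 sport=80 dport=1050 [ASSURED] mark=0 use=1
"""

# One direction of a tracked flow: the first match on a line is the original
# direction (as the client sent it), the second is the expected reply.
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def pop3_flows(text, allowed_nets, port=110):
    """For each tracked flow to `port`, report the source the server sees."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    flows = []
    for line in text.splitlines():
        tuples = TUPLE.findall(line)
        if len(tuples) != 2:
            continue  # not an entry with both directions
        (c_src, c_dst, _, c_dport), (r_src, r_dst, _, _) = tuples
        if int(c_dport) != port:
            continue
        # The server replies to r_dst, so r_dst is the source address it saw.
        seen = ipaddress.ip_address(r_dst)
        flows.append({
            "client": c_src,
            "server": r_src,
            "seen_by_server": r_dst,
            "dnat": r_src != c_dst,  # destination was rewritten
            "snat": r_dst != c_src,  # source was rewritten
            "allowed": any(seen in n for n in nets),
        })
    return flows


if __name__ == "__main__":
    # Assumed server policy: only the client LAN may use the account.
    for flow in pop3_flows(SAMPLE, ["192.168.1.0/24"]):
        print(flow)
```

A flow reported with `snat` true and `allowed` false is the case described in the reply: the server sees the firewall's SNAT address rather than the client's, and that address is outside the range it accepts.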