OK, I just reread the original thread, and it looks clearly like a
filtering issue. You mentioned that dropping the filters got GWIA
working. So... Something went wrong in the migration of filters from
old to new box. (Filter debug will help a lot in these cases).
For static NAT to an internal GWIA, smtp needs at least two stateful,
or four non-stateful, exceptions for port 25. I prefer the two pairs
of non-stateful myself.
For inbound SMTP from internet to GWIA:
-public to private, tcp dest. Port 25 to GWIA private IP address
-private to public, tcp source port 25 (with ack bit enabled) from GWIA
private IP address.
For outbound SMTP from GWIA to internet, the above, but everything
reversed. (Private to public, tcp dest. Port 25, source ip = GWIA
private address.)
What had me thinking about the secondaries was that you said proxy
worked, and telneting out on port 25 also worked. That told me that
dynamic nat worked, default route was OK, and at least some filter
exceptions were ok. Which suggested to me that static nat was failing
to work. A common cause of static nat failures is not having the
secondary public addresses actually bound. Always check with Display
Secondary Ipaddress to make sure they are there.
I've sometimes (rarely) seen arp tables that did not update on the
internet router side to pick up the new nic change for the addresses.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to
http://www.craigjconsulting.com ***
Re: DR BorderManager
Threaded Mode
