opening firewall ports on multiple IP mail server

Howdy,
We have a Server 2003 machine that has multiple IP
addresses to service several mail domains. The primary
address for the machine is .133 and it is hosting mail
services on addresses .144 thru .148. How can I open
ports for the other IPs? I open port 25, for example
on .144 and the system won't let me open port 25
on .145. Or should I try? If I only need to open one
port then which address should it be?

Thanks in advance. Dana

Hi Dana,

Ports are opened automatically once some application listens on that port
(like SMTP in your case). Just "opening" it won't do any good -- service has
to listen on it to receive the data.
I am not sure why you would need more then one IP to listen for SMTP
traffic. Even with one IP you can receive SMTP traffic for all domains, you
just have to setup MX records so that for all domains they point to that one
IP.

If you are using IIS SMTP you have to create additional SMTP Virtual Servers
for every domain that you host. To each SMTP Virtual Server you assign one
IP from your pool (144-148) and start the services. This will open up the
ports for you.

I hope this helps,

Mike

"Dana Netz" <(E-Mail Removed)> wrote in message
news:279401c47dc2$c0cd3d60$(E-Mail Removed)...
> Howdy,
> We have a Server 2003 machine that has multiple IP
> addresses to service several mail domains. The primary
> address for the machine is .133 and it is hosting mail
> services on addresses .144 thru .148. How can I open
> ports for the other IPs? I open port 25, for example
> on .144 and the system won't let me open port 25
> on .145. Or should I try? If I only need to open one
> port then which address should it be?
>
> Thanks in advance. Dana
>
>

You should have used one IP# for all domains. You configure the mail server
itself to listen for and process mail for serveral Domains but it still all
comes in at the same IP# on the same "service". It is the mail server itself
that separates out all the messages for different domains after it receives
them.

Think about ISPs, they may have 1000's of customers, they don't setup a
whole new mail service on a different IP# everytime a customer wants their
domainname in the email address.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Dana Netz" <(E-Mail Removed)> wrote in message
news:279401c47dc2$c0cd3d60$(E-Mail Removed)...
> Howdy,
> We have a Server 2003 machine that has multiple IP
> addresses to service several mail domains. The primary
> address for the machine is .133 and it is hosting mail
> services on addresses .144 thru .148. How can I open
> ports for the other IPs? I open port 25, for example
> on .144 and the system won't let me open port 25
> on .145. Or should I try? If I only need to open one
> port then which address should it be?
>
> Thanks in advance. Dana
>
>

I'm not sure if my software supports what you are talking
about. I also need to open these firewall ports for the
IIS on my other hosted domains. Same deal, if I open
port 8000 on the computer's primary IP then I cannot open
port 8000 on any of the IPs of the other hosted domains.



>-----Original Message-----
>You should have used one IP# for all domains. You
configure the mail server
>itself to listen for and process mail for serveral
Domains but it still all
>comes in at the same IP# on the same "service". It is
the mail server itself
>that separates out all the messages for different
domains after it receives
>them.
>
>Think about ISPs, they may have 1000's of customers,
they don't setup a
>whole new mail service on a different IP# everytime a
customer wants their
>domainname in the email address.
>
>--
>
>Phillip Windell [MCP, MVP, CCNA]
>www.wandtv.com
>
>
>"Dana Netz" <(E-Mail Removed)> wrote
in message
>news:279401c47dc2$c0cd3d60$(E-Mail Removed)...
>> Howdy,
>> We have a Server 2003 machine that has multiple IP
>> addresses to service several mail domains. The primary
>> address for the machine is .133 and it is hosting mail
>> services on addresses .144 thru .148. How can I open
>> ports for the other IPs? I open port 25, for example
>> on .144 and the system won't let me open port 25
>> on .145. Or should I try? If I only need to open one
>> port then which address should it be?
>>
>> Thanks in advance. Dana
>>
>>
>
>
>.
>

OK, what about POP3? Similar deal, I still need to open
the firewall ports for each of those addresses, too.

Dana


>-----Original Message-----
>Hi Dana,
>
>Ports are opened automatically once some application
listens on that port
>(like SMTP in your case). Just "opening" it won't do any
good -- service has
>to listen on it to receive the data.
>I am not sure why you would need more then one IP to
listen for SMTP
>traffic. Even with one IP you can receive SMTP traffic
for all domains, you
>just have to setup MX records so that for all domains
they point to that one
>IP.
>
>If you are using IIS SMTP you have to create additional
SMTP Virtual Servers
>for every domain that you host. To each SMTP Virtual
Server you assign one
>IP from your pool (144-148) and start the services. This
will open up the
>ports for you.
>
>I hope this helps,
>
>Mike
>
>"Dana Netz" <(E-Mail Removed)> wrote
in message
>news:279401c47dc2$c0cd3d60$(E-Mail Removed)...
>> Howdy,
>> We have a Server 2003 machine that has multiple IP
>> addresses to service several mail domains. The primary
>> address for the machine is .133 and it is hosting mail
>> services on addresses .144 thru .148. How can I open
>> ports for the other IPs? I open port 25, for example
>> on .144 and the system won't let me open port 25
>> on .145. Or should I try? If I only need to open one
>> port then which address should it be?
>>
>> Thanks in advance. Dana
>>
>>
>
>
>.
>

If we are still talking about mail server and not firewall (like ISA) then
again, instead of using SMTP service this time you need to edit and
configure your POP3 software solution. Assign it IPs and start the service.
It will open up the appropriate TCP ports (110). Again this can be done on
1 IP.

Mike

<(E-Mail Removed)> wrote in message
news:321801c47e74$28c0da10$(E-Mail Removed)...
> OK, what about POP3? Similar deal, I still need to open
> the firewall ports for each of those addresses, too.
>
> Dana
>
>
> >-----Original Message-----
> >Hi Dana,
> >
> >Ports are opened automatically once some application
> listens on that port
> >(like SMTP in your case). Just "opening" it won't do any
> good -- service has
> >to listen on it to receive the data.
> >I am not sure why you would need more then one IP to
> listen for SMTP
> >traffic. Even with one IP you can receive SMTP traffic
> for all domains, you
> >just have to setup MX records so that for all domains
> they point to that one
> >IP.
> >
> >If you are using IIS SMTP you have to create additional
> SMTP Virtual Servers
> >for every domain that you host. To each SMTP Virtual
> Server you assign one
> >IP from your pool (144-148) and start the services. This
> will open up the
> >ports for you.
> >
> >I hope this helps,
> >
> >Mike
> >
> >"Dana Netz" <(E-Mail Removed)> wrote
> in message
> >news:279401c47dc2$c0cd3d60$(E-Mail Removed)...
> >> Howdy,
> >> We have a Server 2003 machine that has multiple IP
> >> addresses to service several mail domains. The primary
> >> address for the machine is .133 and it is hosting mail
> >> services on addresses .144 thru .148. How can I open
> >> ports for the other IPs? I open port 25, for example
> >> on .144 and the system won't let me open port 25
> >> on .145. Or should I try? If I only need to open one
> >> port then which address should it be?
> >>
> >> Thanks in advance. Dana
> >>
> >>
> >
> >
> >.
> >

Sorry, I missed it before. What firewall are we talking about? Opening ports
is firewall specific operation.

Do you use built-in firewall that comes with Windows 2003 server (ICF), or
ISA or any other firewall?

Mike

"Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> If we are still talking about mail server and not firewall (like ISA) then
> again, instead of using SMTP service this time you need to edit and
> configure your POP3 software solution. Assign it IPs and start the
service.
> It will open up the appropriate TCP ports (110). Again this can be done
on
> 1 IP.
>
> Mike
>
> <(E-Mail Removed)> wrote in message
> news:321801c47e74$28c0da10$(E-Mail Removed)...
> > OK, what about POP3? Similar deal, I still need to open
> > the firewall ports for each of those addresses, too.
> >
> > Dana
> >
> >
> > >-----Original Message-----
> > >Hi Dana,
> > >
> > >Ports are opened automatically once some application
> > listens on that port
> > >(like SMTP in your case). Just "opening" it won't do any
> > good -- service has
> > >to listen on it to receive the data.
> > >I am not sure why you would need more then one IP to
> > listen for SMTP
> > >traffic. Even with one IP you can receive SMTP traffic
> > for all domains, you
> > >just have to setup MX records so that for all domains
> > they point to that one
> > >IP.
> > >
> > >If you are using IIS SMTP you have to create additional
> > SMTP Virtual Servers
> > >for every domain that you host. To each SMTP Virtual
> > Server you assign one
> > >IP from your pool (144-148) and start the services. This
> > will open up the
> > >ports for you.
> > >
> > >I hope this helps,
> > >
> > >Mike
> > >
> > >"Dana Netz" <(E-Mail Removed)> wrote
> > in message
> > >news:279401c47dc2$c0cd3d60$(E-Mail Removed)...
> > >> Howdy,
> > >> We have a Server 2003 machine that has multiple IP
> > >> addresses to service several mail domains. The primary
> > >> address for the machine is .133 and it is hosting mail
> > >> services on addresses .144 thru .148. How can I open
> > >> ports for the other IPs? I open port 25, for example
> > >> on .144 and the system won't let me open port 25
> > >> on .145. Or should I try? If I only need to open one
> > >> port then which address should it be?
> > >>
> > >> Thanks in advance. Dana
> > >>
> > >>
> > >
> > >
> > >.
> > >
>
>

"Dana Netz" <(E-Mail Removed)> wrote in message
news:321601c47e73$58f16390$(E-Mail Removed)...
> I'm not sure if my software supports what you are talking
> about. I also need to open these firewall ports for the
> IIS on my other hosted domains. Same deal, if I open
> port 8000 on the computer's primary IP then I cannot open
> port 8000 on any of the IPs of the other hosted domains.

What you are doing is not "opening ports". What you are doing is "Static
NAT" (aka Reverse NAT). You cannot do what you are trying to do because
"reality" is getting in the way. You can only associate one internal
IP#/Port# combination to the one external IP#/Port# combination of the
Firewall.

You need to follow the similar technique with the web server as I described
with the mail server. Public DNS should be setup so the all those domains
resolve to the same IP# (the Firewall's). Then *all* the mail is sent to
the *one* internal IP# of the same mail server and *all* the web traffic is
sent to *one* the internal IP# of the same web server. The mail server must
be capable of working with multiple domains and it will "sort out" the mail.
The web server will use Host Headers to "sort out" which site running on the
box is supposed to receive the request.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

I think you guys are getting "spun off" in the wrong direction. See my most
recent post to Dana. Of course I could be wrong instead <g>, but read the
post.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Sorry, I missed it before. What firewall are we talking about? Opening
ports
> is firewall specific operation.
>
> Do you use built-in firewall that comes with Windows 2003 server (ICF), or
> ISA or any other firewall?
>
> Mike
>
> "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > If we are still talking about mail server and not firewall (like ISA)
then
> > again, instead of using SMTP service this time you need to edit and
> > configure your POP3 software solution. Assign it IPs and start the
> service.
> > It will open up the appropriate TCP ports (110). Again this can be done
> on
> > 1 IP.
> >
> > Mike
> >
> > <(E-Mail Removed)> wrote in message
> > news:321801c47e74$28c0da10$(E-Mail Removed)...
> > > OK, what about POP3? Similar deal, I still need to open
> > > the firewall ports for each of those addresses, too.
> > >
> > > Dana
> > >
> > >
> > > >-----Original Message-----
> > > >Hi Dana,
> > > >
> > > >Ports are opened automatically once some application
> > > listens on that port
> > > >(like SMTP in your case). Just "opening" it won't do any
> > > good -- service has
> > > >to listen on it to receive the data.
> > > >I am not sure why you would need more then one IP to
> > > listen for SMTP
> > > >traffic. Even with one IP you can receive SMTP traffic
> > > for all domains, you
> > > >just have to setup MX records so that for all domains
> > > they point to that one
> > > >IP.
> > > >
> > > >If you are using IIS SMTP you have to create additional
> > > SMTP Virtual Servers
> > > >for every domain that you host. To each SMTP Virtual
> > > Server you assign one
> > > >IP from your pool (144-148) and start the services. This
> > > will open up the
> > > >ports for you.
> > > >
> > > >I hope this helps,
> > > >
> > > >Mike
> > > >
> > > >"Dana Netz" <(E-Mail Removed)> wrote
> > > in message
> > > >news:279401c47dc2$c0cd3d60$(E-Mail Removed)...
> > > >> Howdy,
> > > >> We have a Server 2003 machine that has multiple IP
> > > >> addresses to service several mail domains. The primary
> > > >> address for the machine is .133 and it is hosting mail
> > > >> services on addresses .144 thru .148. How can I open
> > > >> ports for the other IPs? I open port 25, for example
> > > >> on .144 and the system won't let me open port 25
> > > >> on .145. Or should I try? If I only need to open one
> > > >> port then which address should it be?
> > > >>
> > > >> Thanks in advance. Dana
> > > >>
> > > >>
> > > >
> > > >
> > > >.
> > > >
> >
> >
>
>