 From:  "Memmott at HitCatcher.com" < at >
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Trying to forward port 25 to internal server, isn't working
 Date:  Thu, 20 Oct 2005 17:08:55 -0400
Hi all,

I'm running m0n0wall 1.11 on the Generic PC build. It's connected to the
outside world via Verizon DSL. I've set up an internal SMTP server, and I'm
trying to open port 25 so outside hosts can send mail to my domain. However,
the firewall appears to still be blocking port 25. Here's my setup:

First, I set up Firewall NAT with the following:

Inbound
Interface: WAN
External Address: Interface address
Protocol: TCP
External port range: SMTP to SMTP
NAT IP: x.x.x.x (Internal IP of mail server)
Local port: SMTP

And I hit the checkbox to create a firewall rule. This generated the
following:

Action: Pass
Disabled: No
Interface: WAN
Protocol: TCP
Source type: any
Source port range: any to any
Destination: Single host or alias, with internal address of mail server
Destination port range: from SMTP to SMTP
Do not allow fragmented packets
Do log packets that are handled by this rule

That firewall rule was placed below the default "block all" rule on the WAN.
I moved it to the top of the list and hit apply.

I SSHed into an external server (we'll call it Slappy), and tried to telnet
to port 25 of my external IP address. It just hangs. I look in the logs, and
there are two "Pass" arrows, one from the WAN interface, then one from the LAN
interface. Both have Slappy's IP in the source, with a port of 59048 and a
destination of the internal IP with port 25. Immediately after is a "block"
x next to the number 2 with the LAN interface. The telnet never connects
from Slappy; it just hangs.

I don't know what I'm doing wrong. I have a rule set up to allow RDP from
the outside, and that works fine. Can somebody tell me what I might be doing
wrong? Maybe the x with the 2 next to it helps?

Thanks,

Matt