 From:  Peter <Peter at iwebsl dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Trying to forward port 25 to internal server, isn't working
 Date:  Thu, 20 Oct 2005 17:26:42 -0400
I run an SMTP server on m0n0 with the following setup.
NAT
WAN   TCP   25 (SMTP)    192.168.10.4   25 (SMTP)    smtp server
WAN   TCP   110 (POP3)   192.168.10.4   110 (POP3)   pop3 server

RULE
TCP   *   *   192.168.10.4   25 (SMTP)    NAT smtp server
TCP   *   *   192.168.10.4   110 (POP3)   NAT pop3 server


On Thu, 20 Oct 2005 17:08:55 -0400, Memmott @ HitCatcher.com wrote:
> Hi all,
>
> I'm running m0n0wall 1.11 on the Generic PC build. It's connected to the
> outside world via Verizon DSL. I've set up an internal SMTP server, and I'm
> trying to open port 25 so outside hosts can send mail to my domain. However,
> the firewall appears to still be blocking port 25. Here's my setup:
>
> First, I set up Firewall NAT with the following:
>
> Inbound
> Interface: WAN
> External Address: Interface address
> Protocol: TCP
> External port range: SMTP to SMTP
> NAT IP: x.x.x.x (Internal IP of mail server)
> Local port SMTP
>
> And I hit the checkbox to create a firewall rule. This generated the
> following:
>
> Action: Pass
> Disabled: No
> Interface: WAN
> Protocol: TCP
> Source type: any
> Source port range: any to any
> Destination: Single host or alias, with internal address of mail server
> Destination port range: from SMTP to SMTP
> Do not allow fragmented packets
> Do log packets that are handled by this rule
>
> That firewall rule was placed below the default "block all" rule on the WAN.
> I moved it to the top of the list and hit apply.
>
> I SSHed into an external server (We'll call it Slappy), and tried to telnet
> to port 25 of my external IP address. It just hangs. I look in the logs, and
> two "Pass" arrows, one from the WAN interface, then one from the LAN
> interface. Both have Slappy's IP in the source, with a port of 59048 and a
> destination of the internal IP with port 25. Immediately after is a "block"
> x next to the number 2 with the LAN interface. The telnet never connects
> from Slappy; it just hangs.
>
> I don't know what I'm doing wrong. I have a rule set up to allow RDP from
> the outside, and that works fine. Can somebody tell me what I might be doing
> wrong? Maybe the x with the 2 next to it helps?
>
> Thanks,
>
> Matt
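
A small model of the check both configurations in this thread rely on, added here as an example and not part of either post: each WAN port forward needs a pass rule whose destination is the internal (post-NAT) address, and that rule has to be reached before any block rule. The class and function names, the first-match evaluation with a default block, and the 203.0.113.10 placeholder address are assumptions of the example.

```python
# Added example, not from the thread. Rule evaluation is modelled as
# first-match with a default block; that ordering is an assumption here.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Forward:                      # one inbound NAT entry
    iface: str
    proto: str
    ext_port: int
    nat_ip: str
    local_port: int

@dataclass(frozen=True)
class Rule:                         # one filter rule; None means "any"
    action: str                     # "pass" or "block"
    iface: str
    proto: str                      # "TCP", "UDP" or "any"
    dst_ip: Optional[str]
    dst_port: Optional[int]

def first_match(rules, iface, proto, dst_ip, dst_port):
    """Action of the first rule matching the packet, else the default block."""
    for r in rules:
        if (r.iface == iface and r.proto in (proto, "any")
                and r.dst_ip in (None, dst_ip)
                and r.dst_port in (None, dst_port)):
            return r.action
    return "block"

def audit(forwards, rules):
    """Verdict per forward, tested against the post-NAT address and port."""
    return {(f.ext_port, f.nat_ip):
            first_match(rules, f.iface, f.proto, f.nat_ip, f.local_port)
            for f in forwards}

# The NAT and RULE tables from the reply above.
FORWARDS = [Forward("WAN", "TCP", 25, "192.168.10.4", 25),
            Forward("WAN", "TCP", 110, "192.168.10.4", 110)]
RULES_REPLY = [Rule("pass", "WAN", "TCP", "192.168.10.4", 25),
               Rule("pass", "WAN", "TCP", "192.168.10.4", 110)]
# Constructed: the same pass rules sitting below a block-all rule.
RULES_SHADOWED = [Rule("block", "WAN", "any", None, None)] + RULES_REPLY
# Constructed: rule written against the WAN address (placeholder value).
RULES_WRONG_DST = [Rule("pass", "WAN", "TCP", "203.0.113.10", 25)]

if __name__ == "__main__":
    for name in ("RULES_REPLY", "RULES_SHADOWED", "RULES_WRONG_DST"):
        print(name, audit(FORWARDS, globals()[name]))
```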