 
 From:  Cameron Showalter <cameron at gwschool dot com>
 To:  Ed Chatlos <edchat at bellsouth dot net>
 Cc:  M0n0Wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Trying to forward port 25 to internal server, isn't working
 Date:  Thu, 20 Oct 2005 16:49:23 -0700
Ed Chatlos wrote:

> It might not be M0n0, it is more than likely your ISP is blocking port 
> 25 so you can't run a mail server on a residential account. If you 
> have a business account then Never Mind.
>
>
> Edward A. Chatlos
>
>
> ----- Original Message ----- From: "Memmott @ HitCatcher.com" 
> <memmott at hitcatcher dot com>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Thursday, October 20, 2005 5:08 PM
> Subject: [m0n0wall] Trying to forward port 25 to internal server, 
> isn't working
>
>
>> Hi all,
>>
>>
>>
>> I'm running m0n0wall 1.11 on the Generic PC build. It's connected to the
>> outside world via Verizon DSL. I've set up an internal SMTP server, and I'm
>> trying to open port 25 so outside hosts can send mail to my domain. However,
>> the firewall appears to still be blocking port 25. Here's my setup:
>>
>>
>>
>> First, I set up Firewall NAT with the following:
>>
>>
>>
>> Inbound
>>
>> Interface: WAN
>>
>> External Address: Interface address
>>
>> Protocol: TCP
>>
>> External port range: SMTP to SMTP
>>
>> NAT IP: x.x.x.x (Internal IP of mail server)
>>
>> Local port SMTP
>>
>>
>>
>> And I hit the checkbox to create a firewall rule. This generated the
>> following:
>>
>>
>>
>> Action: Pass
>>
>> Disabled: No
>>
>> Interface: WAN
>>
>> Protocol: TCP
>>
>> Source type: any
>>
>> Source port range: any to any
>>
>> Destination: Single host or alias, with internal address of mail server
>>
>> Destination port range: from SMTP to SMTP
>>
>> Do not allow fragmented packets
>>
>> Do log packets that are handled by this rule
>>
>>
>>
>> That firewall rule was placed below the default "block all" rule on the WAN.
>> I moved it to the top of the list and hit apply.
>>
>>
>>
>> I SSHed into an external server (We'll call it Slappy), and tried to telnet
>> to port 25 of my external IP address. It just hangs. I look in the logs, and
>> two "Pass" arrows, one from the WAN interface, then one from the LAN
>> interface. Both have Slappy's IP in the source, with a port of 59048 and a
>> destination of the internal IP with port 25. Immediately after is a "block"
>> x next to the number 2 with the LAN interface. The telnet never connects
>> from Slappy; it just hangs.
>>
>>
>>
>> I don't know what I'm doing wrong. I have a rule set up to allow RDP from
>> the outside, and that works fine. Can somebody tell me what I might be doing
>> wrong? Maybe the x with the 2 next to it helps?
>>
>>
>>
>> Thanks,
>>
>> Matt
>>
>
Concur with this assessment. Google has conflicting information about 
Verizon blocking port 25 from outside their network, but I bet they are.

Just as a test, try changing port 25 externally to some other arbitrary 
port externally and try telnet'ing to that port from outside your LAN, 
if you can.
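
The alternate-port test suggested above, written as a small script. This is an added example, not part of the original message or of m0n0wall. It assumes you have added a second inbound NAT rule mapping an arbitrary external port (2525 here, a constructed value) to port 25 on the mail server, and that you run it from a host outside the LAN.

```python
import socket
import sys


def probe(host, port, timeout=5.0):
    """Try one TCP connect and classify it as 'open', 'refused' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: the forward works end to end
    except ConnectionRefusedError:
        return "refused"       # a RST came back: packets arrive, nothing accepts them
    except socket.gaierror:
        raise                  # bad hostname is a usage error, not a network verdict
    except OSError:
        return "filtered"      # timeout or unreachable: dropped somewhere on the path
    finally:
        sock.close()


def diagnose(smtp_state, alt_state):
    """Interpret the port-25 result against the alternate-port result."""
    if smtp_state == "open":
        return "port 25 reachable from outside"
    if smtp_state == "refused":
        return "port 25 packets arrive but are rejected; check the mail server and rule target"
    if alt_state == "open":
        return "only port 25 is dropped; consistent with an upstream block on 25"
    return "both ports fail; look at the NAT/firewall rules or the server, not at port 25"


if __name__ == "__main__":
    # Usage: python probe.py <WAN address> [alternate external port]
    # 2525 is a constructed default; use whatever external port you forwarded.
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <WAN address> [alternate external port]")
    host = sys.argv[1]
    alt_port = int(sys.argv[2]) if len(sys.argv) > 2 else 2525
    smtp, alt = probe(host, 25), probe(host, alt_port)
    print(f"25: {smtp}  {alt_port}: {alt}")
    print(diagnose(smtp, alt))
```

A "filtered" result on 25 with "open" on the alternate port matches the hang seen with telnet and points away from the firewall rules themselves.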