 From:  "Kimmo Jaskari" <kimmo dot jaskari at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] port 25
 Date:  Mon, 1 Jan 2007 18:16:54 +0200
On 1/1/07, Christoph Hanle <christoph dot hanle at leinpfad dot de> wrote:
> e+p wrote:
> > I can't figure out why external mailservers can't reach my mailserver. I've forwarded port 25 to
> > the internal IP address of my mailserver (the NAT & rule). But when I look in the logging, port 25
> > seems to be natted to my mailserver but when my mailserver replies the reply is being blocked by the
> > firewall. It doesn't make a difference if I add a rule to allow traffic from internal mailserver port
> > 25 to any IP address/any port. Can anyone help me out?? TIA

> Error, you have a misunderstanding of source and destination port.
> The destination port is always port 25, so you need an outgoing rule
> like: allow my mailserver TCP all to port 25 TCP, address 0.0.0.0.

In fact you need rules to allow traffic on port 25 both in and out. In
addition, you might want to add port 587, the "submission" port.

If you're on a (home) DSL or cable, keep in mind that some ISPs do
block traffic on port 25 these days to keep down the spam and virus
floods that propagate themselves via mail. You can always try the
tried-and-true approach of using telnet to connect to an external
mailserver on port 25 to see if you get a response. The block may not
be in your firewall, that is, it may be externally imposed by your
ISP.

-- 
-{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--

"In the beginning the Universe was created. This made a lot of people
very angry and has been widely regarded as a bad move."
  - "Hitchhikers Guide", Douglas Adams
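
The telnet check described in the message above, written as a script. This is an added example, not part of the original post; the function name `probe_smtp`, its status labels and the host `mail.example.net` are assumptions made for illustration.

```python
import socket
import sys

def probe_smtp(host, port=25, timeout=5.0):
    """Connect to host:port and classify what comes back.

    Returns (status, detail) where status is one of:
    smtp, unexpected, closed, no-banner, refused, timeout, error.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # The connection attempt went unanswered: something on the path
        # is dropping it (a local firewall rule or a block further out).
        return ("timeout", "no reply to connection attempt")
    except ConnectionRefusedError:
        # The packet got through and a host or rejecting firewall sent a reset.
        return ("refused", "reachable, but the connection was rejected")
    except OSError as exc:  # DNS failure, no route, and similar
        return ("error", str(exc))

    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return ("no-banner", "connected, but server sent no greeting")
        except OSError as exc:
            return ("error", str(exc))

    if not banner:
        return ("closed", "connection closed before any greeting")
    # A mail server greets with a 220 reply once the connection opens.
    if banner.startswith("220"):
        return ("smtp", banner)
    return ("unexpected", banner)

if __name__ == "__main__":
    # mail.example.net is a placeholder; pass an external mail server
    # you are allowed to test against as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.net"
    for p in (25, 587):  # SMTP and the submission port named in the message
        print(p, *probe_smtp(target, p))
```

A `timeout` on port 25 from inside the network while port 587 returns a greeting is consistent with a block on port 25 outside the firewall, as the message suggests.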