evert
Member Candidate
Topic Author
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway

How do I make my SMTP server available for the outside world

Sun Jul 25, 2004 9:43 pm

Hi everyone!

Got my Mikrotik unit up and running, and access to the Internet works fine. But... I seem to have troubles with connections towards my mail server?

Which rule(s)/settings do I need to make people who go to port 25 on my public IP end up at port 25 of private IP 192.168.24.140 ?

Regards,
Evert
 
butche
Trainer
Posts: 430
Joined: Fri May 28, 2004 6:14 pm
Location: Missouri, USA

Mon Jul 26, 2004 4:49 am

> Which rule(s)/settings do I need to make people who go to port 25 on my public IP end up at port 25 of private IP 192.168.24.140 ?

/ip firewall dst-nat
add action=nat dst-address=PUBLIC.IP.ADD.RESS/32:25 \
    to-dst-address=192.168.24.140

That should get it for you.
 
evert
Member Candidate
Topic Author
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway

Mon Jul 26, 2004 8:21 am

Thanks, I'll give it a try...! :)


PS. Is it also possible to do that rule without entering my public IP? It's semi-dynamic, and I'd hate to have to edit all my rules when/if it changes... ;-)


Regards,
Evert
 
Dave
just joined
Posts: 24
Joined: Mon May 31, 2004 2:59 pm
Location: Hungary

Mon Jul 26, 2004 10:14 am

If you want to redirect ALL your SMTP traffic to the local address, you can set only the dst-port=25 and to-dst-address=local_IP:port without setting your public IP.
 
evert
Member Candidate
Topic Author
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway

Mon Jul 26, 2004 10:22 am

Wouldn't that prevent that local server from sending SMTP out?
(if all SMTP is redirected to 192.168.24.140, wouldn't that have 192.168.24.140 send all outgoing email to itself, instead of the correct destination?)


Regards,
Evert
 
cmit
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Mon Jul 26, 2004 11:11 am

No - just redirect all SMTP traffic coming IN on your public interface. So this won't interfere with outgoing SMTP traffic (which is coming IN on your "private" interface).
 
evert
Member Candidate
Topic Author
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway

Mon Jul 26, 2004 12:42 pm

> > Which rule(s)/settings do I need to make people who go to port 25 on my public IP end up at port 25 of private IP 192.168.24.140 ?
>
> /ip firewall dst-nat
> add action=nat dst-address=PUBLIC.IP.ADD.RESS/32:25 \
>     to-dst-address=192.168.24.140
>
> That should get it for you.

Hmm, doesn't seem to work... :?
I just tried a 'telnet http://www.poboxes.info 25' from an external IP, and don't get connected to the SMTP server...


Regards,
Evert
 
cmit
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Mon Jul 26, 2004 1:01 pm

You'll have to add an additional firewall rule in the forward chain to permit the traffic - see my post in this thread; http://bruno.pmi.lv/phpbb2/viewtopic.ph ... highlight=.
 
evert
Member Candidate
Topic Author
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway

Mon Jul 26, 2004 7:29 pm

Hmm, still nothing... :?

I've used your example for both port 25 & 80, but as far as I can see no traffic is arriving on those ports at 192.168.24.140... :cry:

Any other places where I should add/change something...?


Regards,
Evert
 
lastguru
Member
Posts: 432
Joined: Fri May 28, 2004 9:04 pm
Location: Certified Trainer/Consultant in Riga, Latvia

Mon Jul 26, 2004 8:24 pm

did you specify the protocol of the ports? like "protocol=tcp" in the dst-nat rule?
 
evert
Member Candidate
Topic Author
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway

Mon Jul 26, 2004 8:37 pm

> did you specify the protocol of the ports? like "protocol=tcp" in the dst-nat rule?

Yup, set it to TCP...
 
cmit
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Jul 28, 2004 4:05 pm

Perhaps check that no other firewall (or dst-nat) rules placed before the newly added rules "grab" those packets, so they never make it to your new rules.
Also keep an eye on the packet count value in the firewall/dst-nat windows - so you can see if those rules actually process any packets.
 
evert
Member Candidate
Topic Author
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway

Wed Jul 28, 2004 4:09 pm

It's working now! :D

(The problem was 'caused' by my ISP who had assigned me a new IP, without me knowing about that...) :-/


Thanks for all the help & patience! :)




Regards,
Evert
 
cmit
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Jul 28, 2004 5:06 pm

You're welcome! :D
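
Added example, not part of the original thread or of any poster's code: the thread ended with the ISP having changed the public IP without notice, so this Python check, run from an outside host like the telnet test above, first confirms that the name senders use still resolves to the address written into the dst-nat rule and then that port 25 answers with an SMTP greeting. The function name, its parameters and the status strings are assumptions made for this illustration.

```python
import socket


def check_smtp_forward(host, rule_ip, port=25, timeout=5.0):
    """Diagnose an inbound SMTP port forward from the outside.

    host    -- name (or IP) that outside senders connect to
    rule_ip -- public IP written into the dst-nat rule's dst-address
    Returns (status, detail); status is one of
    'ip-mismatch', 'unreachable', 'no-banner', 'ok'.
    """
    # Step 1: does the name still point at the address the rule matches?
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("unreachable", f"cannot resolve {host}: {exc}")
    resolved = sorted({info[4][0] for info in infos})
    if rule_ip not in resolved:
        return ("ip-mismatch",
                f"{host} resolves to {resolved}, rule matches {rule_ip}")

    # Step 2: does a TCP connection to the forwarded port succeed at all?
    # A refusal or timeout here points at the NAT or forward-chain rules.
    try:
        conn = socket.create_connection((rule_ip, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", f"{rule_ip}:{port}: {exc}")

    # Step 3: an SMTP server speaks first and greets with reply code 220.
    with conn:
        try:
            banner = conn.recv(512).decode("ascii", "replace").strip()
        except OSError:
            banner = ""  # connected, but nothing arrived before the timeout
    if not banner.startswith("220"):
        return ("no-banner", f"unexpected greeting: {banner!r}")
    return ("ok", banner)
```

An 'ip-mismatch' result means the rule's dst-address needs updating (or the rule should match on the public interface instead, as suggested earlier in the thread) before any firewall debugging is worthwhile.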