voatec
just joined
Topic Author
Posts: 13
Joined: Sat May 29, 2004 5:58 am
Location: Shanghai, PRC

Help! My dst-nat doesn't work normally!

Fri Jul 02, 2004 8:06 pm

[admin@VTwall] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Webserver
in-interface=pppoe-out1 dst-address=:80 protocol=tcp action=nat
to-dst-address=192.168.0.6 to-dst-port=80

1 ;;; POP3
in-interface=pppoe-out1 dst-address=:110 protocol=tcp action=nat
to-dst-address=192.168.0.6 to-dst-port=110

2 ;;; IMAP
in-interface=pppoe-out1 dst-address=:143 protocol=tcp action=nat
to-dst-address=192.168.0.6 to-dst-port=143

3 ;;; HTTPS
in-interface=pppoe-out1 dst-address=:443 protocol=tcp action=nat
to-dst-address=192.168.0.6 to-dst-port=443

4 ;;; Terminal Service
in-interface=pppoe-out1 dst-address=:63390 protocol=tcp action=nat
to-dst-address=192.168.0.6 to-dst-port=63390

5 ;;; SMTP
in-interface=pppoe-out1 dst-address=:25 protocol=tcp action=nat
to-dst-address=192.168.0.6 to-dst-port=25

[admin@VTwall] ip firewall rule voatec> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Allow established TCP connections
protocol=tcp connection-state=established action=accept

1 ;;; Allow UDP connections
protocol=udp action=accept

2 ;;; Allow ICMP messages
protocol=icmp action=accept

3 ;;; Allow smtp connections to server at 192.168.0.6
in-interface=pppoe-out1 dst-address=192.168.0.6/32:25 protocol=tcp tcp-options=syn-only
action=accept

4 ;;; Allow http connections to server at 192.168.0.6
in-interface=pppoe-out1 dst-address=192.168.0.6/32:80 protocol=tcp
tcp-options=syn-only action=accept

5 ;;; Allow POP connections to server at 192.168.0.6
in-interface=pppoe-out1 dst-address=192.168.0.6/32:110 protocol=tcp
tcp-options=syn-only action=accept

6 ;;; Allow IMAP connections to server at 192.168.0.6
in-interface=pppoe-out1 dst-address=192.168.0.6/32:143 protocol=tcp
tcp-options=syn-only action=accept

7 ;;; Allow SSL connections to server at 192.168.0.6
in-interface=pppoe-out1 dst-address=192.168.0.6/32:443 protocol=tcp
tcp-options=syn-only action=accept

8 ;;; Allow Terminal Service connections to server at 192.168.0.6
in-interface=pppoe-out1 dst-address=192.168.0.6/32:63390 protocol=tcp
tcp-options=syn-only action=accept

9 ;;; Reject and log everything else
action=reject log=yes

Look, the first 5 dst-nat rules work fine, but the last one (SMTP) doesn't work normally.
I tried to telnet to port number 25; it seems to connect, but the connection is dropped in 2 seconds. All SMTP connections from outside mail servers get disconnected.
Please help me.
 
voatec

Sat Jul 03, 2004 1:47 pm

Can somebody help me? :cry:
 
voatec

Sat Jul 03, 2004 3:34 pm

But mail from Hotmail can be accepted.