Netgate Discussion Forum

    NAT with Mail Server, always blocked [RESOLVED]

    7 Posts 3 Posters 3.6k Views
      alberts

      I have a mail server in a dmz that can't send or receive mail.  I have added a port forward NAT entry that looks like the following:

      and a rule that looks like the following:

      In my log, I see that I am getting entries showing a source WAN address on a random port trying to reach a destination of my mail server on port 25 being blocked.

      The rule I added doesn't specify any incoming port range, only destination of port 25, so I don't see why that doesn't allow it.  The only thing I can think of is that the NAT rule only allows incoming port 25 to destination port 25.  In this case, the incoming is a random high port.

      Am I doing something fundamentally wrong here?

      Thanks in advance for your help.

        SFM

        I think you have to change the WAN source address to anyone.

        If you are having issues sending email out on the DMZ you may be blocking it there.
        Set a rule on the DMZ to allow all out to get it working.

          hoba

          SFM is right. Why didn't you let the rule be autocreated?

            alberts

            I did let the rule be autocreated.  It didn't work.  I've also tried modifying the autocreated rules, making my own, rebooting, etc.  I did find one time, when I couldn't get anything to NAT to the DMZ, I rebooted and it worked.  At the time, I was only trying to get port 80 to work.  Now I'm having the same problem with port 25, but rebooting didn't help.
            SFM suggested changing the WAN source address to any.  I didn't see any way to do that for the rule, but I did try switching the NAT port forward rule for WAN external address to any, and it didn't help.  That is what it is still at now.  I also have a rule to allow all to go out for the DMZ.  I still can't seem to send anything.  At this point, I'd rather worry about being able to receive mail than send.

            Here is my complete set of NAT port forward, and WAN and DMZ rules:

            NAT:

            WAN Rules:

            DMZ Rules:

              hoba

              Delete everything (firewall rules and NAT) and start over:

              Simply create port forwards at firewall>nat, portforward. Let the rules be autocreated. When you have created all your forwards, give it a reboot. It should work now. We are just test-driving 1.0.1. With that release the reboots won't be necessary anymore.

                alberts

                Thank you.  That fixed the problem.  I didn't realize you have to reboot after you add NAT rules.

                  hoba

                  It's (unfortunately) a bug. You won't have to reboot with version 1.0.1. This bug doesn't always appear, nor with all configurations, which made it a bit hard to find, but it's already fixed.
