Port forward (and Multiwan)

  • So I have 2 WANs, one static, one dynamic, where dynamic is the default.
    The static WAN is used for DMZ only, which works just fine.

    I've managed to create a port forward from WAN2 port 22 to a DMZ host on port 22 which works great, but it's not the port I need.

    I need 53 and 25 forwarded but I just can't get it to work.
    If I forward 25, tcpdump on the DMZ host says this:
    10:02:14.680412 IP externalhost .16603 > localhost.localdomain.smtp: S 3068046129:3068046129(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
    10:02:14.680444 IP localhost.localdomain > externalhost: ICMP host localhost.localdomain unreachable - admin prohibited, length 60

    If I forward 53, tcpdump on the DMZ host turns up nothing, but when I put Wireshark next to the WAN2 I get this:
    46423 71.781856 externalhost WAN2 Static      DNS Standard query A weha.be.immosafe.local
    46425 71.782461 WAN2 Static externalhost ICMP Destination unreachable (Host administratively prohibited)

    Sidenote: I can't access these ports from the local LAN either, but I can ping the DMZ host (same error occurs in tcpdump).

    WAN2 rules:

    DMZ rule:

    Port Forward:

    NAT Outbound:

