D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: skogmannen on March 18, 2010, 10:19:50 AM
-
I am trying to set up a DFL-210 to allow all outgoing traffic, and block all incoming (the default);
Except SMTP traffic to my mail server which is on my LAN.
I have set everything up exactly as explained in ftp://ftp.dlink.co.uk/dfl_firewall/dfl-210/DFL-800_1600_2500-PortForwarding_SMTP.pdf. But I am still not able to receive my e-mail, nor telnet to port 25 on the WAN IP address.
Does anyone have an idea what's wrong? Or what I may try?
Thank you, Skogmannen :)
-
If you use allow as second rule, don't forget to specify DFL as default gateway on server.
And, did you check - maybe your ISP blocks SMTP traffic?
-
If you use allow as second rule, don't forget to specify DFL as default gateway on server.
And, did you check - maybe your ISP blocks SMTP traffic?
Thanks for your response Danilovav!
I am using the allow as the second rule, and the DFL is the default gateway on the server.
I've also tried to use NAT on this rule, but the result was no different. Nothing getting through.
And I know for sure that my ISP doesn't block SMTP, on my old firewall the mail gets through.
Skogmannen
-
Small idea... Do you test your port outside of DFL? Or from LAN?
-
Small idea... Do you test your port outside of DFL? Or from LAN?
I've tried both telnet from a computer on the LAN (to the WAN IP) and http://www.canyouseeme.org/.
They both say port 25 is blocked.
Skogmannen
-
"Classic" (by FAQ) SAT+Allow rules provide only external access. To allow connections from the LAN, you need to make a NAT loopback:
SAT lan/lannet core/wan1_ip yourservice (new dest = privatehost)
NAT lan/lannet core/wan1_ip yourservice
But it seems very strange that the external check failed. Check the logs when you try to test.
-
I'll post my setup, maybe someone can spot an error..
IP RULES
1  ping_fw     Allow  lan  lannet    core  lan_ip  ping-inbound
2  lan_to_wan  (folder)
3  smtp_SAT    SAT    wan  all-nets  core  wan_ip  smtp-in
4  smtp_inn    Allow  wan  all-nets  core  wan_ip  smtp-in
*The first two are from the default setup (unaltered)

INTERFACE ADDRESSES
dmz_ip    172.17.100.254  IPAddress of interface dmz
dmznet    172.17.100.0/24 The network on interface dmz
lan_ip    172.16.37.1     IPAddress of interface lan
lannet    172.16.37.0/24  The network on interface lan
server    172.16.37.50    The local server
wan_dns1  *.*.0.100       Primary DNS server for interface wan
wan_dns2  *.*.0.200       Secondary DNS server for interface wan
wan_gw    *.*.167.89      Default gateway for interface wan
wan_ip    *.*.167.92      IPAddress of interface wan
wannet    *.*.167.88/29   The network on interface wan
Skogmannen
-
It looks OK... See logs... What messages do you see when you try to check the port from outside?
-
Well... I've plugged the DFL-210 in again, same configuration as yesterday...
...And today it's working! :)
Thank you for the help, and sorry for wasting your time, Danilovav :-[
Skogmannen
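-
Added example, not part of any post in the thread and not D-Link code: a small Python model of first-match rule evaluation that runs the posted IP rules against an outside SMTP connection and against the LAN-side telnet test, showing why the latter is dropped until the NAT loopback pair from the reply above is added. Assumptions: the masked wan_ip is replaced by the constructed address 203.0.113.92, `yourservice` is taken to be smtp-in, the reply's wan1_ip is this setup's wan_ip, and the lan_to_wan folder is left out on the assumption that its rules target interface wan rather than core.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-ins: the thread masks the public addresses, so a
# documentation-range address is used for wan_ip.
ADDR = {
    "all-nets": "0.0.0.0/0",
    "lannet": "172.16.37.0/24",
    "lan_ip": "172.16.37.1/32",
    "wan_ip": "203.0.113.92/32",
}
# TCP port per service; None marks ICMP, which never matches a TCP port.
SERVICES = {"smtp-in": 25, "ping-inbound": None}

# (name, action, src_if, src_net, dst_if, dst_net, service) as posted
POSTED = [
    ("ping_fw", "Allow", "lan", "lannet", "core", "lan_ip", "ping-inbound"),
    ("smtp_SAT", "SAT", "wan", "all-nets", "core", "wan_ip", "smtp-in"),
    ("smtp_inn", "Allow", "wan", "all-nets", "core", "wan_ip", "smtp-in"),
]
# Loopback pair from the reply; the rule names are hypothetical.
LOOPBACK = [
    ("smtp_SAT_lan", "SAT", "lan", "lannet", "core", "wan_ip", "smtp-in"),
    ("smtp_NAT_lan", "NAT", "lan", "lannet", "core", "wan_ip", "smtp-in"),
]

def matches(rule, src_if, src_ip, dst_if, dst_ip, port):
    _, _, r_sif, r_snet, r_dif, r_dnet, r_svc = rule
    return (r_sif == src_if and r_dif == dst_if
            and ip_address(src_ip) in ip_network(ADDR[r_snet])
            and ip_address(dst_ip) in ip_network(ADDR[r_dnet])
            and SERVICES[r_svc] == port)

def evaluate(rules, src_if, src_ip, dst_if, dst_ip, port):
    """First-match walk. A SAT hit only records the translation; an
    Allow/NAT rule further down must still match the original destination."""
    sat = None
    for rule in rules:
        if not matches(rule, src_if, src_ip, dst_if, dst_ip, port):
            continue
        if rule[1] == "SAT":
            sat = sat or rule[0]
            continue
        return (rule[1], sat)
    return ("Drop", sat)  # nothing matched: default drop

if __name__ == "__main__":
    print(evaluate(POSTED, "wan", "198.51.100.7", "core", "203.0.113.92", 25))
    print(evaluate(POSTED, "lan", "172.16.37.20", "core", "203.0.113.92", 25))
    print(evaluate(POSTED + LOOPBACK, "lan", "172.16.37.20", "core", "203.0.113.92", 25))
```

The loopback pair uses NAT rather than Allow so that the server replies to the firewall instead of directly to the LAN client, which would otherwise see answers from an address it never contacted.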