Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[skogmannen]

I am trying to set up a DFL-210 to allow all outgoing traffic, and block all incoming (the default);
Except SMTP traffic to my mail server which is on my LAN.

I have set everything up exactly as explained in ftp://ftp.dlink.co.uk/dfl_firewall/dfl-210/DFL-800_1600_2500-PortForwarding_SMTP.pdf this link. But I am still not able to receive my e-mail, nor telnet port 25 on the WAN IP address.

Do anyone have an idea whats wrong? Or what I may try?



Thank you, Skogmannen 

[danilovav]

If you use allow as second rule, don't forget to specify DFL as default gateway on server.

And, did you check - maybe your ISP blocks SMTP traffic?

[skogmannen]

If you use allow as second rule, don't forget to specify DFL as default gateway on server.

And, did you check - maybe your ISP blocks SMTP traffic?

Thanks for your response Danilovav!

I am using the allow as the second rule, and the DFL is the default gateway on the server.
I've also tried to use NAT on this rule, but the result were no different. Nothing getting through.

And I know for sure that my ISP doesn't block SMTP, on my old firewall the mail gets through.


Skogmannen

[danilovav]

Small idea... Do you test your port outside of DFL? Or from LAN?

[skogmannen]

Small idea... Do you test your port outside of DFL? Or from LAN?

I've tried both telnet from a computer on the LAN (to the WAN ip) and http://www.canyouseeme.org/.
They both say port 25 is blocked.


Skogmannen

[danilovav]

"Classic" (by FAQ) SAT+Allow rules make only external access. To allow connect from LAN, you need to make NAT loopback
SAT lan/lannet core/wan1_ip yourservice (new dest = privatehost)
NAT lan/lannet core/wan1_ip yourservice

But very strange seems external check failed. Check logs when you try to test.

[skogmannen]

I'll post my setup, maybe someone can spot an error..

IP RULES
1      ping_fw      Allow      lan      lannet      core      lan_ip      ping-inbound
2     lan_to_wan (folder)                            
3     smtp_SAT     SAT      wan     all-nets     core     wan_ip     smtp-in
4     smtp_inn     Allow     wan     all-nets     core     wan_ip     smtp-in
*The first two are from the default setup (unaltered)

INTERFACE ADDRESSES
 dmz_ip      172.17.100.254      IPAddress of interface dmz
 dmznet      172.17.100.0/24      The network on interface dmz
 lan_ip      172.16.37.1         IPAddress of interface lan
 lannet      172.16.37.0/24      The network on interface lan
 server      172.16.37.50      The local server
 wan_dns1      *.*.0.100         Primary DNS server for interface wan
 wan_dns2      *.*.0.200         Secondary DNS server for interface wan
 wan_gw      *.*.167.89         Default gateway for interface wan
 wan_ip      *.*.167.92         IPAddress of interface wan
 wannet      *.*.167.88/29      The network on interface wan



Skogmannen

[danilovav]

It looks OK... See logs... What messages you see when try to check port from outside?

[skogmannen]

Well... I've plugged the DFL-210 in again, same configuration as yesterday...

...And today it's working! 



Thank you for the help, and sorry for wasting your time, Danilovav



Skogmannen