Greetings,
Thank you in advance for your support! We are new to m0n0wall (from Logic Supply /
http://www.logicsupply.com/products/perimeter_r) and we are currently trying to migrate from an older PIX to m0n0wall. We are struggling to get our MS Exchange server to accept inbound SMTP traffic; outbound mail is working great, and we have also tested the LAN and a web server on a DMZ, which all work great.
When we scan the device from the internet, port 25 is not open, even though we think the GUI indicates that it is.

Environment:
4 Public IPs: one for the m0n0wall, one for Exchange, one for IIS, and one is free ;-)
Configured ServerNAT.
Configured Inbound NAT and allowed m0n0wall to create all of the firewall rules.
10.1.1.0, 10.2.2.0, 10.3.3.0 and 10.4.4.0 internal networks.
Below is our current config file. Could you help us determine what’s missing to get inbound SMTP to our Exchange box? Thank you again in advance for your support!
<?xml version="1.0"?>
<m0n0wall>
<!-- Config format version as recorded in this file. -->
<version>1.6</version>
<!-- NOTE(review): looks like a Unix epoch timestamp of the last saved change (it would fall on 2007-09-28 UTC); confirm. -->
<lastchange>1191010828</lastchange>
<!-- System-wide settings: host identity, admin login, clock, web GUI and upstream DNS servers. -->
<system>
<hostname>hwall01</hostname>
<domain>SSSScorp.net</domain>
<username>admin</username>
<!-- The value is masked in this posting. NOTE(review): keep this field masked whenever the config is shared, whatever form the stored value takes. -->
<password>xxxxxxxxxxxxxxxxxxxx</password>
<timezone>America/Los_Angeles</timezone>
<time-update-interval>300</time-update-interval>
<timeservers>pool.ntp.org</timeservers>
<!-- Admin GUI is set to plain HTTP and the certificate and private-key elements are empty, so the admin login crosses the network unencrypted. -->
<!-- NOTE(review): consider protocol https with a certificate, and check which interfaces are allowed to reach the GUI. -->
<webgui>
<protocol>http</protocol>
<port/>
<certificate/>
<private-key/>
</webgui>
<harddiskstandby/>
<!-- First resolver is an internal address on the 10.4.4.0/24 network (the same host the NAT rules call HHHAD); the second is a masked public address. -->
<dnsserver>10.4.4.4</dnsserver>
<dnsserver>xxx.xxx.xxx.15</dnsserver>
</system>
<!-- Interface assignments: one LAN, one statically addressed WAN, and four optional interfaces (opt1 to opt4). -->
<interfaces>
<!-- LAN: 10.3.3.10/24 on vr1. -->
<lan>
<if>vr1</if>
<ipaddr>10.3.3.10</ipaddr>
<subnet>24</subnet>
<media/>
<mediaopt/>
</lan>
<!-- WAN: static address ending .122 in a /29, with the gateway ending .121. The other public addresses used in the nat and proxyarp sections (.123 to .126) sit in the same /29. -->
<wan>
<if>vr0</if>
<mtu/>
<media/>
<mediaopt/>
<spoofmac/>
<ipaddr>xxx.xxx.xxx.122</ipaddr>
<subnet>29</subnet>
<gateway>xxx.xxx.xxx.121</gateway>
</wan>
<!-- opt1: the DMZ network, 10.2.2.10/24, enabled. -->
<opt1>
<if>sis0</if>
<descr>DMZ</descr>
<ipaddr>10.2.2.10</ipaddr>
<subnet>24</subnet>
<bridge/>
<enable/>
</opt1>
<!-- opt2: 10.1.1.10/24, enabled. The server NAT description for HHHEX names 10.1.1.18, which falls in this network. -->
<opt2>
<if>sis1</if>
<descr>SSSS</descr>
<ipaddr>10.1.1.10</ipaddr>
<subnet>24</subnet>
<bridge/>
<enable/>
</opt2>
<!-- opt3: 10.4.4.10/24, enabled. 10.4.4.4 (HHHAD, also the first DNS server) is in this network. -->
<opt3>
<if>sis2</if>
<descr>HHHHH</descr>
<ipaddr>10.4.4.10</ipaddr>
<subnet>24</subnet>
<bridge/>
<enable/>
</opt3>
<!-- opt4: has no enable child, unlike opt1 to opt3, so it is presumably inactive. -->
<!-- NOTE(review): 10.2.2.15 with an 8-bit mask covers all of 10.0.0.0/8, overlapping every other internal network here and sharing 10.2.2.x with the DMZ. Correct or remove this before the interface is ever enabled. -->
<opt4>
<if>sis3</if>
<descr>OPT4</descr>
<ipaddr>10.2.2.15</ipaddr>
<subnet>8</subnet>
<bridge/>
</opt4>
</interfaces>
<!-- Four static routes, one per internal network. -->
<!-- NOTE(review): each route names a network that the interfaces section already shows as directly attached (10.1.1.0/24, 10.2.2.0/24, 10.3.3.0/24, 10.4.4.0/24), and each gateway is the firewall's own address on that interface. -->
<!-- Such routes look redundant; confirm whether they interfere with forwarding to hosts behind NAT, and remove them if they are not needed. -->
<staticroutes>
<route>
<interface>opt2</interface>
<network>10.1.1.0/24</network>
<gateway>10.1.1.10</gateway>
<descr>Static route for SSSS</descr>
</route>
<route>
<interface>opt1</interface>
<network>10.2.2.0/24</network>
<gateway>10.2.2.10</gateway>
<descr>Static route for DMZ</descr>
</route>
<route>
<interface>lan</interface>
<network>10.3.3.0/24</network>
<gateway>10.3.3.10</gateway>
<descr>Static route for LAN</descr>
</route>
<route>
<interface>opt3</interface>
<network>10.4.4.0/24</network>
<gateway>10.4.4.10</gateway>
<descr>Static route for HHHHH</descr>
</route>
</staticroutes>
<!-- PPPoE, PPTP and BigPond elements are empty; the wan block carries a static address instead. -->
<pppoe/>
<pptp/>
<bigpond/>
<!-- Dynamic DNS: a provider type is present but username, password and host are empty, and no enable child appears, so the client is presumably unused. -->
<dyndns>
<type>dyndns</type>
<username/>
<password/>
<host/>
<mx/>
<server/>
<port/>
</dyndns>
<dnsupdate/>
<!-- DHCP server settings per interface. Only the lan and opt4 blocks carry an enable child. -->
<dhcpd>
<!-- LAN pool: four addresses, 10.3.3.75 to 10.3.3.78, inside the LAN /24. -->
<lan>
<enable/>
<range>
<from>10.3.3.75</from>
<to>10.3.3.78</to>
</range>
<defaultleasetime/>
<maxleasetime/>
</lan>
<!-- NOTE(review): the opt1 to opt4 pools below use 192.168.x.x ranges, which do not match the 10.x.x.x addresses assigned to those interfaces; they look like leftover defaults. -->
<opt1>
<range>
<from>192.168.2.100</from>
<to>192.168.2.199</to>
</range>
<defaultleasetime/>
<maxleasetime/>
</opt1>
<opt2>
<range>
<from>192.168.3.100</from>
<to>192.168.3.199</to>
</range>
<defaultleasetime/>
<maxleasetime/>
</opt2>
<opt3>
<range>
<from>192.168.4.100</from>
<to>192.168.4.199</to>
</range>
<defaultleasetime/>
<maxleasetime/>
</opt3>
<!-- NOTE(review): DHCP is marked enabled here although the opt4 interface block has no enable child and is addressed in 10.0.0.0/8; confirm this is intended or clear the flag. -->
<opt4>
<range>
<from>192.168.5.100</from>
<to>192.168.5.199</to>
</range>
<defaultleasetime/>
<maxleasetime/>
<enable/>
</opt4>
</dhcpd>
<!-- PPTP server: every field is empty, so no VPN server settings are given in this file. -->
<pptpd>
<mode/>
<redir/>
<localip/>
<remoteip/>
</pptpd>
<!-- DNS forwarder is enabled. -->
<dnsmasq>
<enable/>
</dnsmasq>
<!-- SNMP agent settings. No enable child appears here, so the agent is presumably off. -->
<!-- NOTE(review): the read-only community is the well-known default "public"; set a non-default community (and fill in location/contact) before the agent is ever enabled, and limit which networks can query it. -->
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<!-- Diagnostics: the IPv6 NAT address is empty. -->
<diag>
<ipv6nat>
<ipaddr/>
</ipv6nat>
</diag>
<bridge/>
<!-- Logging: 50 entries are shown and no remote syslog server is set. -->
<!-- NOTE(review): several WAN pass rules carry a log flag; with no remote server the history available for troubleshooting or incident review is presumably limited to what the device keeps locally. Consider pointing remoteserver at a log host. -->
<syslog>
<reverse/>
<nentries>50</nentries>
<remoteserver/>
</syslog>
<!-- NAT: four extra public addresses (server NAT) and four inbound port mappings on the WAN interface. -->
<nat>
<advancedoutbound/>
<!-- Server NAT entries declare the additional public addresses. The internal host each one is meant for appears only in the free-text description, not in a field the firewall acts on. -->
<servernat>
<ipaddr>xxx.xxx.xxx.123</ipaddr>
<descr>10.1.1.18/32 HHHEX</descr>
</servernat>
<servernat>
<ipaddr>xxx.xxx.xxx.124</ipaddr>
<descr>10.4.4.4/32 HHHAD</descr>
</servernat>
<servernat>
<ipaddr>xxx.xxx.xxx.125</ipaddr>
<descr>10.2.2.20/32 HHHSG</descr>
</servernat>
<servernat>
<ipaddr>xxx.xxx.xxx.126</ipaddr>
<descr>10.2.2.25/32 HHHWS</descr>
</servernat>
<!-- Inbound SMTP: the only port 25 mapping in this file takes the public address ending .124 to 10.4.4.4 (HHHAD). -->
<!-- NOTE(review): the address ending .123, described as HHHEX at 10.1.1.18, has no inbound rule at all. If HHHEX is the Exchange server, SMTP to its public address has no mapping and will appear closed from outside. Confirm which host runs Exchange and which public address the MX record and the external scan point at. -->
<rule>
<external-address>xxx.xxx.xxx.124</external-address>
<protocol>tcp</protocol>
<external-port>25</external-port>
<target>10.4.4.4</target>
<local-port>25</local-port>
<interface>wan</interface>
<descr>Allow SMTP to HHHAD</descr>
</rule>
<!-- Inbound POP3 on port 110 to the same host. NOTE(review): port 110 carries mailbox credentials in clear text unless the mail server requires TLS; confirm this exposure is wanted. -->
<rule>
<external-address>xxx.xxx.xxx.124</external-address>
<protocol>tcp</protocol>
<external-port>110</external-port>
<target>10.4.4.4</target>
<local-port>110</local-port>
<interface>wan</interface>
<descr>Allow POP3 to HHHAD</descr>
</rule>
<!-- Inbound DNS over UDP only; there is no matching TCP 53 mapping. NOTE(review): 10.4.4.4 is also the firewall's first resolver; if that server answers recursive queries from outside it can be abused, so restrict recursion to internal clients. -->
<rule>
<external-address>xxx.xxx.xxx.124</external-address>
<protocol>udp</protocol>
<external-port>53</external-port>
<target>10.4.4.4</target>
<local-port>53</local-port>
<interface>wan</interface>
<descr>Allow DNS to HHHAD</descr>
</rule>
<!-- Inbound HTTP on the address ending .126 to the DMZ web server at 10.2.2.25. -->
<rule>
<external-address>xxx.xxx.xxx.126</external-address>
<protocol>tcp</protocol>
<external-port>80</external-port>
<target>10.2.2.25</target>
<local-port>80</local-port>
<interface>wan</interface>
<descr>NAT to HHHWS</descr>
</rule>
</nat>
<!-- Firewall rules. The first four are WAN pass rules whose destinations are the internal targets of the inbound NAT mappings; the rest allow traffic leaving each internal interface. -->
<filter>
<!-- WAN: POP3 from any source to 10.4.4.4, logged. -->
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<address>10.4.4.4</address>
<port>110</port>
</destination>
<log/>
<descr>NAT Allow POP3 to HHHAD</descr>
</rule>
<!-- WAN: SMTP from any source, logged. This is the only WAN rule for port 25 and it matches 10.4.4.4 only. -->
<!-- NOTE(review): nothing here passes port 25 to 10.1.1.18 (the address the server NAT description gives for HHHEX). If Exchange is that host, inbound mail is dropped at the WAN interface; confirm the intended target. -->
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<address>10.4.4.4</address>
<port>25</port>
</destination>
<log/>
<descr>NAT Allow SMTP to HHHAD</descr>
</rule>
<!-- WAN: DNS over UDP from any source to 10.4.4.4, logged. -->
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>udp</protocol>
<source>
<any/>
</source>
<destination>
<address>10.4.4.4</address>
<port>53</port>
</destination>
<log/>
<descr>NAT Allow DNS to HHHAD</descr>
</rule>
<!-- WAN: HTTP from any source to the DMZ web server at 10.2.2.25. Unlike the three rules above, this one has no log flag. -->
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<address>10.2.2.25</address>
<port>80</port>
</destination>
<descr>NAT NAT to HHHWS</descr>
</rule>
<!-- opt4: TCP from any source to every destination except the LAN network. The opt4 interface block has no enable child, so this rule is presumably dormant. -->
<rule>
<type>pass</type>
<interface>opt4</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<not/>
</destination>
<descr>OPT4 -> any except LAN</descr>
</rule>
<!-- opt3 (HHHHH): hosts on this network may reach any destination, which includes the LAN, DMZ and opt2 networks. -->
<rule>
<type>pass</type>
<interface>opt3</interface>
<source>
<network>opt3</network>
</source>
<destination>
<any/>
</destination>
<descr>Allow HHHHH outbound</descr>
</rule>
<!-- opt2 (SSSS): hosts on this network may reach any destination, which includes the other internal networks. -->
<rule>
<type>pass</type>
<interface>opt2</interface>
<source>
<network>opt2</network>
</source>
<destination>
<any/>
</destination>
<descr>Allow SSSS outbound </descr>
</rule>
<!-- opt1 (DMZ): passes everything except traffic to the LAN network. -->
<!-- NOTE(review): the exclusion covers the LAN only, so DMZ hosts, which are reachable from the internet on port 80, can still open connections to the opt2 and opt3 networks (10.1.1.0/24 and 10.4.4.0/24) and presumably to the firewall's own addresses. Consider blocking those destinations as well and allowing only what the DMZ servers need. -->
<rule>
<type>pass</type>
<interface>opt1</interface>
<source>
<network>opt1</network>
</source>
<destination>
<network>lan</network>
<not/>
</destination>
<descr>permit DMZ any not LAN (outbound)</descr>
</rule>
<!-- LAN: hosts on the LAN may reach any destination. -->
<rule>
<type>pass</type>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<descr>Default LAN -> any</descr>
</rule>
<tcpidletimeout/>
</filter>
<!-- Traffic shaper, IPsec and aliases are empty elements; no settings for them are given in this file. -->
<shaper/>
<ipsec/>
<aliases/>
<!-- Proxy ARP on the WAN interface for the four extra public addresses (.123 to .126), matching the server NAT entries one for one. -->
<!-- NOTE(review): an address listed here with no inbound NAT rule behind it (.123 and .125 have none in this file) is presumably claimed by the firewall on the WAN segment but forwards nothing; confirm that is intended. -->
<proxyarp>
<proxyarpnet>
<interface>wan</interface>
<network>xxx.xxx.xxx.123/32</network>
<descr>NAT HHHEX</descr>
</proxyarpnet>
<proxyarpnet>
<interface>wan</interface>
<network>xxx.xxx.xxx.124/32</network>
<descr>NAT HHHAD</descr>
</proxyarpnet>
<proxyarpnet>
<interface>wan</interface>
<network>xxx.xxx.xxx.125/32</network>
<descr>NAT HHHSG</descr>
</proxyarpnet>
<proxyarpnet>
<interface>wan</interface>
<network>xxx.xxx.xxx.126/32</network>
<descr>NAT HHHWS</descr>
</proxyarpnet>
</proxyarp>
<!-- Wake-on-LAN: empty, no entries. -->
<wol/>
</m0n0wall>