Firewall/NAT

Hello all
there is my setup
WAN--M0N0--LAN
              |
             DMZ----W2K server (only one for now)

I'm using public IP addresses on the WAN (full class C)  Access router has different IP than M0N0 WAN IP
Access Router X.X.X.1 Mono X.X.X.97

I set server NAT and ACL rules to permit X.X.X.99 for ports 25 110 80 as you can see it is email server with webmail configured.
What I can do:
Connect to Web mail
Telnet to port 25 ( I got SMTP server response )
Telnet to port 110 ( as well got server response)
All looks good with exception that I cannot receive emails from remote servers

MX is setup correctly and if I connect server directly to WAN with x.x.x.99 IP address I can receive emails

best part is that I can see connection logs in SMTP connector on the server
Any help?
Thanx
Michael

PS
M0N0 is quite nice firewall I'm comparing it to comercial products such as PIX501/515 and CheckPoint Edge. I would also like to know if I can setup VLAN tags on LAN interface.

 

What I can do:
Connect to Web mail
Telnet to port 25 ( I got SMTP server response )
Telnet to port 110 ( as well got server response)
All looks good with exception that I cannot receive emails from remote servers

Are you doing this externally or internally?

I would also like to know if I can setup VLAN tags on LAN interface.

see http://wiki.m0n0.ch/wikka.php?wakka=VLAN

What I can do:
Connect to Web mail
Telnet to port 25 ( I got SMTP server response )
Telnet to port 110 ( as well got server response)
All looks good with exception that I cannot receive emails from remote servers

Are you doing this externally or internally?

I would also like to know if I can setup VLAN tags on LAN interface.

see http://wiki.m0n0.ch/wikka.php?wakka=VLAN

External connection for LAN connection I had to change IP address to point DMZ IP

To be more specific:
External-Connection (Using server Public IP) to Email server ports 25,80,110 Web connection works 25/110 telnet works
From Email server to remote server - in the server SMTP log I see communication to remote server.

from LANConnection (using server DMZ IP) to Email server telnet 25/110 works web access works.

sending an email from LAN to server or using web interface.
To mailbox located on email server email sent and received on second mailbox
email sent to remote email server never reach mailbox ( however email server indicate connection WEIRD)

and of course sent email from Hotmail to email server mailbox never reach mailbox however there is entry in log of the mail server ?!?.

when connected directly using public IP can send to and receive from remote server.

What kind of NAT are you trying to use, Inbound/Server or 1:1? How do you have it set up?

yes Inbound ServerNAT

64.X.X.1(AccessRouterISPmanaged)--64.X.X.96WAN--192.168.X.1(DMZ)--192.168.X.20(Email server)

I cannot reboot Access router.

Bit more info after last weekend.

Ok email server behind firewall still doesn't work  shame since I really want to have it on DMZ.

OK PROXY ARP didn't help I did several reboots of M0N0 and email server. the weird part is that when I do telnet lets say with host A record or even MX on port 25  I can connect to it.

Question to all do I need to open DNS port as well doesn't sounds right but I'm trying everything.

Next step: I'm going to install test email  server so I can do tests anytime. Also any experts that would willing to spend bit time with me in real time?  I would really apriciate

you don't need DNS open.

you are probably going to have to reboot the access router. Rebooting m0n0wall and the mail server isn't going to do anything for you, it's the upstream ARP cache that's probably the problem.

hmm thats bad since its out of my reach I will schedule reboot on weekend  thanks for help

while waiting for that, let's review your firewall rules and NAT setup just to make sure you have it all done properly. can you attach screenshots of your inbound NAT and WAN firewall rules screens?