General Questions

I had to replace my trusty ADSL modem with one that could do VDSL2.  It's a FRITZ!Box 7340 configured with the firewall and other extraneous stuff disabled.  On my m0n0wall (v1.3) I changed the WAN interface to DHCP, and everything runs happily except that SMTP and friends are not getting through.  I see them in the logfile as rejected (or blocked, or whatever), and they look like this:

Code:

18:02:25.536512 sis0 @0:14 b 93.189.165.200,54156 -> 192.168.3.101,25 PR tcp len 20 48 -S IN NAT
18:02:16.500618 sis0 @0:14 b 93.189.165.200,54156 -> 192.168.3.101,25 PR tcp len 20 52 -SEC IN NAT

Unfortunately, I can't decipher all the runes.  192.168.3.101 is the correct destination server.
Any suggestions?

I suspect that your new modem is really a router and that it's handing your m0n0wall a private address. Check m0n0wall's Status: Interfaces page: What are you seeing for the WAN IP address?

Indeed, the new "modem" is really a router, and the WAN IP address is indeed a private address; 192.168.178.20.  I wouldn't think this would be a problem on the incoming side, and the packet is obviously coming through and being NAT'ed, but not getting through to the server.  Obviously I'm missing something though.  Maybe I need to include the WAN IPV4 gateway (192.168.178.1) in a static path or something?

What you are missing is that the TCP port 25, while open and forwarded on the m0n0wall, is not open and being forwarded in the router.

The best suggestion I have would be to put the new router into bridging mode and let m0n0wall acquire your public IP address. Most places on DSL these days use PPPoE, so that's what you should try configuring m0n0wall's WAN to use once you get the router into bridging mode.

I agree that the best solution would be to put the new router into bridging mode, but that doesn't seem to be possible. :-(

The firewall on the router is disabled, and if I understand the m0n0wall log, port 25 packets are getting through to the firewall, but they're not making it to the destination server.

Post screenshots of the NAT and Firewall Rules.

Also, from what I have read below, it is possible to put your new device into bridge mode:

http://en.wiki.edpnet.be/index.php/FRITZ!Box_Fon_WLAN_7340_-_bridge_mode

Yeah, I saw that Wikipedia page, which was one of the reasons I got this subscription which included this router.  Unfortunately, my router doesn't have a Settings tab on the Internet Account information page.  It also doesn't have an expert mode, though I think it has just been re-named to "advanced view", which of course I am using.

Pastebins will follow shortly.

I've attached the most interesting rules and NAT pages.  Please let me know if you need more.

The NAT and Rule related to SMTP look OK to me, so long as the alias 'email' points to the correct IP address for the mail server. Having a double NAT situation with private IPs may be the culprit.

The aliases are correct, just like they were before I replaced the modem with a router.  As near as I can tell from the logfile entries, the translation is correct.  I wish I knew more about the details in the raw logfile entries.  I agree that the double NAT is problematic, but it seems to me that it should still be possible.  If not, I'll have to ditch the m0n0wall. :-(