Hotspot port 25 firewall Problem need help please

Hi All,

Hope somebody can help me. I run User Manager on a central server controlling remote access points around my network. All works brilliantly except one thing.

Every now and again the dynamic firewall rules that the User Manager puts in the remote access points include a line relating to port 25 (see pic). When this appears, wireless clients are blocked from using port 25 to send mail. I have to manually go into the AP and delete the rule, then everything is fine until it pops up again, usually after a reboot.
hotspot rules.jpg
Many thanks in advance

That is part of how the proxy works and is a dynamic rule generated by the router, as indicated by the D. Don’t delete router generated dynamic rules, you may break the entire Hotspot.

If you want clients to be able to send mail when not authenticated, insert a walled garden IP level rule that accepts all tcp/25 traffic. Because the rule is red (jumps to a chain that doesn’t exist, but would if you filled out the SMTP proxy field for the Hotspot server profile) it doesn’t actually do anything. If it’s red and has an I next to it (invalid, and will not be evaluated) whatever mail issue you have isn’t related to that rule.

Thanks for the reply. I put a rule in the walled garden and that has solved the issue.

However, as weird as it is, I can confirm most definitely that this rule blocks port 25 traffic. I disable it, traffic passes; I enable it, traffic stops.

Post the output of “/ip firewall nat print all” and “/ip firewall filter print all”.

Firewall Nat:

Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client

1 I chain=hotspot action=jump jump-target=pre-hotspot

2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53

3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53

4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp
hotspot=local-dst dst-port=80

5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp
hotspot=local-dst dst-port=443

6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp
hotspot=!auth

7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth

8 D chain=hs-unauth action=return src-address=“My Public ip”
in-interface=wlan1

Firewall filter :

Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=accept protocol=tcp dst-port=3074

1 chain=forward action=accept protocol=udp dst-port=3074

2 chain=forward action=accept protocol=udp src-port=3074

3 chain=forward action=accept protocol=tcp src-port=3074

4 D chain=forward action=jump jump-target=hs-unauth
hotspot=from-client,!auth

5 D chain=forward action=jump jump-target=hs-unauth-to
hotspot=to-client,!auth

6 D chain=input action=jump jump-target=hs-input hotspot=from-client

7 I chain=hs-input action=jump jump-target=pre-hs-input

8 D chain=hs-input action=accept protocol=udp dst-port=64872

9 D chain=hs-input action=accept protocol=tcp dst-port=64872-64875
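
The "jumps to a chain that doesn't exist" condition described earlier in the thread can be checked mechanically against a pasted rule listing. This is an added example, not part of any post in the thread; it assumes the whole table was pasted, and the sample rules and the address 192.0.2.10 are constructed:

```python
import re

# Constructed sample in the "/ip firewall nat print" layout shown in the thread;
# 192.0.2.10 is a documentation address standing in for the redacted public IP.
SAMPLE = """\
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client

1 I chain=hotspot action=jump jump-target=pre-hotspot

6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp
hotspot=!auth

8 D chain=hs-unauth action=return src-address=192.0.2.10
in-interface=wlan1
"""

# Rule number, optional X/I/D flags, then key=value properties.
RULE_START = re.compile(r"^(\d+)\s+((?:[XID]\s+)*)(\S+=.*)$")
# Built-in chains exist even when the listing holds no rule in them.
BUILTIN = {"input", "forward", "output", "srcnat", "dstnat"}

def _props(text):
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)

def parse_rules(listing):
    """Parse print output into dicts, folding wrapped lines into their rule."""
    rules = []
    for line in (raw.strip() for raw in listing.splitlines()):
        if not line or line.startswith("Flags:"):
            continue
        m = RULE_START.match(line)
        if m:
            rules.append({"num": int(m.group(1)),
                          "flags": set(m.group(2).split()), **_props(m.group(3))})
        elif rules:  # continuation of the previous rule
            rules[-1].update(_props(line))
    return rules

def dangling_jumps(rules):
    """Jump rules whose target chain has no rule in the listing."""
    chains = {r["chain"] for r in rules if "chain" in r} | BUILTIN
    return [r for r in rules
            if r.get("action") == "jump" and r.get("jump-target") not in chains]

if __name__ == "__main__":
    for r in dangling_jumps(parse_rules(SAMPLE)):
        state = "invalid, not evaluated" if "I" in r["flags"] else "CHECK: not flagged I"
        print(f'rule {r["num"]} in {r["chain"]} -> {r["jump-target"]} ({state})')
```

A dangling jump that carries the I flag is skipped by the router; one without the flag suggests the paste was incomplete.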

There are a whole bunch of rules missing from that compared to recent versions.
What version are you running? Did you remove some rules manually?

I am using 3.80. I have not deleted anything.

3.8 is very, very old. If you have further issues I would recommend upgrading to 4.11 - or at least the latest legacy version, 3.30.

OK, I will try that, thanks.

Hello, I’m having the same problem. I have just upgraded to 5.2 and still have the same problem. My customers cannot send emails through Outlook or any other desktop email client. I tried the walled garden and it doesn’t work :( Any help, please?