How do I make my SMTP server available for the outside world

Hi everyone!

Got my Mikrotik unit up and running, and access to the Internet works fine. But… I seem to have troubles with connections towards my mail server?

Which rule(s)/settings do I need to make people who go to port 25 on my public IP end up at port 25 of private IP 192.168.24.140 ?

Regards,
Evert

Which rule(s)/settings do I need to make people who go to port 25 on my public IP end up at port 25 of private IP 192.168.24.140 ?

/ip firewall dst-nat
add action=nat dst-address=PUBLIC.IP.ADD.RESS/32:25 to-dst-address=192.168.24.140

That should get it for you.

Thanks, I’ll give it a try…! 🙂


PS. Is it also possible to do that rule without entering my public IP? It’s semi-dynamic, and I’d hate to have to edit all my rules when/if it changes… 😉


Regards,
Evert

If you want to redirect ALL your SMTP traffic to the local address, you can set only the dst-port=25 and to-dst-address=local_IP:port without setting your public IP.

Wouldn’t that prevent that local server from sending SMTP out?
(if all SMTP is redirected to 192.168.24.140, wouldn’t that have 192.168.24.140 send all outgoing email to itself, instead of the correct destination?)


Regards,
Evert

No - just redirect all SMTP traffic coming IN on your public interface. So this won’t interfere with outgoing SMTP traffic (which is coming IN on your “private” interface).

Hmm, doesn’t seem to work… 😕
I just tried a ‘telnet www.poboxes.info 25’ from an external IP, and don’t get connected to the SMTP server…


Regards,
Evert

You’ll have to add an additional firewall rule in the forward chain to permit the traffic - see my post in this thread; http://bruno.pmi.lv/phpbb2/viewtopic.php?t=366&highlight=.

Hmm, still nothing… 😕

I’ve used your example for both port 25 & 80, but as far as I can see no traffic is arriving on those ports at 192.168.24.140… 😢

Any other places where I should add/change something…?


Regards,
Evert

Did you specify the protocol of the ports? Like “protocol=tcp” in the dst-nat rule?

Yup, set it to TCP…

Perhaps check that no other firewall (or dst-nat) rules placed before the newly added rules “grab” those packets, so they never make it to your new rules.
Also keep an eye on the packet count value in the firewall/dst-nat windows - so you can see if those rules actually process any packets.

It’s working now! 😃

(The problem was ‘caused’ by my ISP who had assigned me a new IP, without me knowing about that…) :-/


Thanks for all the help & patience! 🙂

Regards,
Evert

You’re welcome! 😃
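
The checks this thread worked through by hand (an outside connection to port 25, then the discovery that the public IP had changed), as an added example that is not part of the original posts. The function names, the result labels and the loopback stand-in server are assumptions made for illustration; the addresses are constructed from the documentation ranges.

```python
import socket
import threading


def smtp_banner(host, port=25, timeout=5.0):
    """Return the greeting line from host:port, or None if nothing answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            line = s.makefile("rb").readline(512)
    except OSError:  # refused, timed out, unreachable
        return None
    return line.decode("ascii", "replace").strip() or None


def diagnose(wan_ip, dns_ip, rule_dst_ip, banner):
    """Classify a failed forward. rule_dst_ip is None when the dst-nat rule
    matches on port only, as suggested in the thread."""
    if dns_ip != wan_ip:
        return "stale-dns"        # hostname points at an address the router no longer has
    if rule_dst_ip is not None and rule_dst_ip != wan_ip:
        return "stale-rule"       # rule still matches the old public IP
    if banner is None:
        return "no-answer"        # check forward chain, rule order, packet counters
    if not banner.startswith("220"):
        return "unexpected-banner"
    return "ok"


def fake_smtp(greeting=b"220 mail.example.test ESMTP\r\n"):
    """Constructed stand-in for the mail server: one greeting on a loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    banner = smtp_banner("127.0.0.1", fake_smtp())
    print(diagnose("203.0.113.7", "203.0.113.7", None, banner))           # ok
    print(diagnose("203.0.113.7", "198.51.100.4", None, None))            # stale-dns
    print(diagnose("203.0.113.7", "203.0.113.7", "198.51.100.4", None))   # stale-rule
```

Against a real setup, smtp_banner has to be run from a host outside the LAN, like the telnet test in the thread, with the hostname's resolved address and the router's current WAN address passed to diagnose.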