Hi,
I have forwarded a few ports for my mail server. The problem is, any traffic from the server the ports are forwarded to, going to the outside world on those ports, loops back.
In essence:
Port 25 goes to 192.168.200.106
If 192.168.200.106 tries to connect to gmail-smtp-in.l.google.com over port 25, it actually connects right back to itself on port 25. This is not a DNS issue, as gmail-smtp-in.l.google.com correctly resolves to 209.85.232.27. All other traffic not on this forwarded port makes it through successfully. Even other devices on this network trying to connect to anything on port 25 end up going back to 192.168.200.106. The weird thing is, the Connections tab under IP > Firewall in Winbox shows a connection from the system to the proper IP over port 25.
As that image shows, the connection should be to the external gmail server, but it is instead looped back, as evidenced by the telnet connection I have used to test this.
Here are the relevant firewall rules:
This is the port forwarding rule:
add action=dst-nat chain=dstnat comment=Mail dst-port=25,465,587,995 \
log-prefix=vpn protocol=tcp to-addresses=192.168.200.106
Here is my hairpin NAT rule:
add action=masquerade chain=srcnat comment=Hairpin dst-address=192.168.200.0/24 \
log-prefix=same-subnet src-address=192.168.200.0/24
The weird thing is, disabling this hairpin NAT rule doesn't fix the issue; it simply prevents me from being able to connect to anything over port 25. Once I do this, all devices on the network are unable to connect over port 25 to any server.
I am completely unsure of what to do because of this. I have forwarded ports 80 and 443 to the same server, and yet I can access other sites just fine. Here is the port 80 and 443 rule:
add action=dst-nat chain=dstnat comment=https,http dst-address-type=local \
dst-port=443,80 log-prefix="http(s)" protocol=tcp to-addresses=\
192.168.200.106
If anyone can help, that would be very helpful, as I have no clue where to go from here.
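The difference between the two posted dst-nat rules is the dst-address-type=local match that only the http(s) rule carries. Below is an added example (not the poster's configuration, and not a quoted reply) showing the Mail rule as posted next to the same rule restricted to connections addressed to the router's own IPs; the WAN interface name ether1-wan is an assumption.

```routeros
# Added example, not the poster's config. Server address 192.168.200.106 is from
# the post; the interface name "ether1-wan" is assumed.

# As posted (kept here as a comment): the dstnat chain sees every NEW connection
# the router forwards, LAN -> Internet included, so any TCP connection to
# port 25/465/587/995 from any LAN host is rewritten to 192.168.200.106.
# add action=dst-nat chain=dstnat comment=Mail dst-port=25,465,587,995 \
#     protocol=tcp to-addresses=192.168.200.106

# Restricted: forward only when the destination is one of the router's own
# addresses (public side included), the same condition the http(s) rule uses.
# Hairpin access from the LAN to the public IP keeps working with the existing
# srcnat masquerade rule for 192.168.200.0/24.
/ip firewall nat
add action=dst-nat chain=dstnat comment=Mail dst-address-type=local \
    dst-port=25,465,587,995 protocol=tcp to-addresses=192.168.200.106

# Alternative if only connections arriving on the WAN interface should be
# published (assumed interface name):
# add action=dst-nat chain=dstnat comment=Mail in-interface=ether1-wan \
#     dst-port=25,465,587,995 protocol=tcp to-addresses=192.168.200.106

# Why disabling the hairpin masquerade made port 25 fail completely: the
# unrestricted dst-nat still redirected LAN clients to 192.168.200.106, which
# then answered those clients directly on the same subnet instead of via the
# router, so the reply did not match the original destination and was dropped.

# Verify from a LAN host after the change: the connection entry for an
# outbound SMTP test should carry the real remote address in the reply
# direction and no dst-nat marking.
/ip firewall connection print detail where protocol=tcp dst-address~":25$"
```

Check the rule counters (/ip firewall nat print stats) while a LAN host makes an outbound port 25 connection: the Mail rule should no longer increment for that traffic.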