SOLVED - Unable to telnet out to external SMPT server

primaryinc · February 22, 2014, 8:02pm

Hi,

I’m new to MikroTik and having a issue getting my exchange to relay mail.
First I did not make any rule to send SMTP traffik from inside out to external.
telnet SMTP.server.com 25 did not connect.
Then I made a src-nat rule that I thought worked, but it loops on my routerboard to internal SMTP server.
And I’m a bit stuck on how to get this to work. Initial I did not think it was needed setting up a rule for SMTP traffic to work out.

Rules:

[admin@PrimaryInc MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; default configuration
     chain=input action=accept protocol=icmp
 1   ;;; default configuration
     chain=input action=accept connection-state=established
 2 X ;;; default configuration
     chain=input action=accept connection-state=related
 3 X ;;; default configuration
     chain=input action=drop in-interface=ether1-gateway
 4   chain=forward action=accept protocol=tcp dst-address=10.0.0.2 dst-port=25
 5   chain=forward action=accept protocol=tcp dst-address=10.0.0.2 dst-port=3392
 6   chain=forward action=accept protocol=tcp dst-address=10.0.0.19 dst-port=3393
 7   chain=forward action=accept protocol=tcp dst-address=10.0.0.19 dst-port=54930
 8   chain=forward action=accept protocol=udp dst-address=10.0.0.19 dst-port=54930
 9   chain=forward action=accept protocol=tcp dst-address=10.0.0.12 dst-port=80
10   chain=forward action=accept protocol=tcp dst-address=10.0.0.2 dst-port=443
11   chain=forward action=accept protocol=tcp dst-address=10.0.0.21 dst-port=3397
12   chain=forward action=accept protocol=tcp dst-address=10.0.0.44 dst-port=3403
13   chain=forward action=accept protocol=tcp dst-address=10.0.0.35 dst-port=3401
14   chain=forward action=accept protocol=tcp dst-address=10.0.0.50 dst-port=5005
15   chain=forward action=accept protocol=tcp dst-address=10.0.0.19 dst-port=45633
16   chain=forward action=accept protocol=tcp dst-address=10.0.0.20 dst-port=3404
17 X chain=output action=passthrough protocol=tcp src-address=10.0.0.2 src-port=25

NAT:

[admin@PrimaryInc MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=accept src-address=10.0.0.0/24 dst-address=10.1.1.0/24
 1   chain=srcnat action=masquerade out-interface=pppoe-out1
 2   chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=25 protocol=tcp dst-port=25
 3   chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=3389 protocol=tcp dst-port=3392
 4   chain=dstnat action=dst-nat to-addresses=10.0.0.19 to-ports=3389 protocol=tcp dst-port=3393
 5   chain=dstnat action=dst-nat to-addresses=10.0.0.19 to-ports=54930 protocol=tcp dst-port=54930
 6   chain=dstnat action=dst-nat to-addresses=10.0.0.19 to-ports=54930 protocol=udp dst-port=54930
 7   chain=dstnat action=dst-nat to-addresses=10.0.0.12 to-ports=80 protocol=tcp dst-address=EXT IP dst-port=80
 8   chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=443 protocol=tcp dst-address=EXT IP dst-port=443
 9   chain=dstnat action=dst-nat to-addresses=10.0.0.44 to-ports=3389 protocol=tcp dst-port=3403
10   chain=srcnat action=src-nat to-addresses=84.49.246.65 protocol=tcp out-interface=all-ppp
11   chain=dstnat action=dst-nat to-addresses=10.0.0.35 to-ports=3389 protocol=tcp dst-port=3401
12   chain=dstnat action=dst-nat to-addresses=10.0.0.50 to-ports=5005 protocol=tcp dst-port=5005
13   chain=dstnat action=dst-nat to-addresses=10.0.0.19 to-ports=45633 protocol=tcp dst-port=45633
14   chain=dstnat action=dst-nat to-addresses=10.0.0.21 to-ports=3389 protocol=tcp dst-port=3397
15   chain=dstnat action=dst-nat to-addresses=10.0.0.20 to-ports=3389 protocol=tcp dst-port=3404

PS!! Nat rule 10 I’ve played around with. And current rule is wrong.
Thanks for any help provided

/Kenneth

primaryinc · February 24, 2014, 11:25am

I actually after lots of googe’ling, found that I had to eater had to put my external IP on dest address IP or put my WAN interface on In interface.