Greetings;
I have a system running ClearOS Community Edition 6.6-1 from a fresh install. I've set up the system on a hosted provider and most standard functions appear to be working correctly. I've run into an odd issue with port forwarding. I have the server set up in Gateway mode, and set up a port forward rule for port 26 to port 25 on the internal network due to some ISPs blocking port 25. I cannot get this to work. I can open the port using the web tool, and see the rule appear when I run service firewall status, but I cannot connect from the outside. If I stop the firewall, my port forwarding starts working and I can connect. I feel like I must be missing some base concept in the configuration; I thought I could just enter the forwarding rule and open the port in the web interface and be done. Please advise any suggestions;
Thanks;
Billy
Responses (5)
-
Accepted Answer
So the SMTP server is running on the ClearOS box. If so, do not use port forwarding. You will probably need a custom firewall rule something like:
iptables -t nat -I PREROUTING -i ethX -s 194.62.204.0/22 -p tcp --dport 26 -j REDIRECT --to-port 25
I don't think you need to open incoming port 26 as the PREROUTING rule takes precedence.
In the above rule:
- change ethX to the ClearOS WAN port or drop the "-i ethX" bit
- either drop the "-s 194.62.204.0/22" bit or match it to your WAN IP if you want to restrict port 26 usage to only a few IPs.
You should be able to check from home by telnet'ing to port 26. You can also test port 26 being open by using an internet port scanner such as Shields Up.
-
Accepted Answer
Good Morning;
I'm sorry I'm unclear, maybe some pictures will help. Here is my setup.
When I run "service firewall stop" I can connect on port 26 from home. I still can't connect on 25, but I'm not sure if that is Comcast or not. From Bluehost, I can't connect to either port now, I'm not sure why.
-
Accepted Answer
I'm confused about your setup here. As you were talking about port forwarding I assumed you were running your mail server on something behind ClearOS. Is that correct? From what you are saying I am wondering if your mail server is in a data centre and you are trying to test it from home but can't because your ISP is blocking port 26? If that is the case, can you relay via your ISP's mail server? This is quite a common setup. Alternatively you can try sending on a different port but you need to set up the mail server to listen on that port or redirect it back to port 25 at the data centre.
-
Accepted Answer
Good Afternoon;
Thank you for your reply.
My ISP blocks port 25, but not all do. I'm trying to set up a test server for use with development. Most of my customers use a commercial service that doesn't block ports, but I work from home. My server is hosted in a data center that doesn't block ports. I can run the MX Super tool, and it sees the server. When I test from other sites, I cannot. Sadly, the product I'm working with (StreamServe) doesn't support SSL or TLS or I would use that since it's more secure anyway. I've tried Port Forwarding, Opening the Port in the Firewall, and both. Like I said, if I turn the firewall off however, everything works.
Thanks;
Billy
-
Accepted Answer
Missed this post. There is a difference between port forwarding and opening. Forwarding is for any traffic through ClearOS to the LAN behind and opening is for traffic for ClearOS only. You should only use one of them for any port.
Can I ask why you are using 25 if your ISP blocks it? You can't be using it as a straightforward mail server as no one from the outside can contact you as they must have 25. You can only use it for relaying your own traffic which knows about the switch of ports. Have you considered using 465 (SMTP/SSL) or 587 (STARTTLS) instead?
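Added example, not part of the thread and not ClearOS tooling: NAT in PREROUTING rewrites the destination before the filter table sees the packet, so a REDIRECT to a local service needs the rewritten port accepted in INPUT, while a DNAT to a LAN host needs it accepted in FORWARD (the forwarding versus opening distinction above). The sketch below checks an `iptables-save` dump for that. The sample ruleset is constructed (eth0, port 8026 and 192.168.1.10 are assumed values), and the check deliberately ignores interface and source matches, chain policies and jumps into other chains.

```shell
# Constructed iptables-save sample (not from the thread); eth0, port 8026 and
# 192.168.1.10 are assumed values for illustration.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 26 -j REDIRECT --to-ports 25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8026 -j DNAT --to-destination 192.168.1.10:25
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 26 -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT'

# Reads iptables-save text on stdin. For every PREROUTING REDIRECT/DNAT rule,
# reports whether the filter chain that sees the packet AFTER translation
# (INPUT for REDIRECT, FORWARD for DNAT) has an ACCEPT for the rewritten port.
check_nat_targets() {
  awk '
    /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter": current table
    $1 != "-A" { next }                     # skip policies and COMMIT lines
    {
      dport = ""; target = ""; to = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "--to-ports" || $i == "--to-destination") to = $(i + 1)
      }
    }
    table == "nat" && $2 == "PREROUTING" && (target == "REDIRECT" || target == "DNAT") {
      n++; kind[n] = target; from[n] = dport; dest[n] = to
    }
    table == "filter" && target == "ACCEPT" && dport != "" { accept[$2, dport] = 1 }
    END {
      for (k = 1; k <= n; k++) {
        chain = (kind[k] == "REDIRECT") ? "INPUT" : "FORWARD"
        port = dest[k]; sub(/^.*:/, "", port)   # strip "host:" from a DNAT target
        verdict = ((chain, port) in accept) ? "allowed" : "NOT allowed"
        printf "%s %s->%s: %s must accept tcp/%s: %s\n", kind[k], from[k], dest[k], chain, port, verdict
      }
    }
  '
}

printf '%s\n' "$SAMPLE_RULES" | check_nat_targets
```

On a live system, pipe the output of `iptables-save` (run as root) into `check_nat_targets` instead of the sample.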