Resolved
0 votes
Hello --

Relatively new user here. I have just about everything working except this one small yet important thing. I need to force SMTP traffic out eth1's WAN interface. You'd think that would be easy, right? Just add a "Destination Port Rule". I did that, and it doesn't seem to work. I can't even telnet out the SMTP port directly from the ClearOS system either. But it works from eth1's router interface so I know I'm allowing it out.

Any ideas, or logfiles to check? http://www.clearfoundation.com/media/kunena/attachments/legacy/images/clearOS_.jpg
Sunday, August 17 2014, 05:41 PM
Responses (6)
  • Accepted Answer

    Thursday, August 21 2014, 12:38 PM
    Thank you for your help. I ended up having other issues with the firewall last night, and after 3 hours (including a fresh install), I gave up and put pfSense on.

    Thanks and have a good trip!

    Greg
  • Accepted Answer

    Thursday, August 21 2014, 09:28 AM
    Greg Smythe wrote:
    I saw that too, in my searches. It says it's only for SMTP traffic originating from the ClearOS box itself so I didn't give it a try.
    That is why I said to try the port 25 method and not the owner method.

    I'm not going to be able to help any more as I am away tomorrow travelling until September. I don't know MultiWAN either but can generally muddle through it.
  • Accepted Answer

    Thursday, August 21 2014, 12:31 AM
    I saw that too, in my searches. It says it's only for SMTP traffic originating from the ClearOS box itself so I didn't give it a try.

    I'm really having trouble with multi-WAN and 1-1 NAT. If I put in 1-1 NAT rules, it kills my outbound internet access....
  • Accepted Answer

    Monday, August 18 2014, 09:25 PM
    This is very old and for ClearOS 5.x, so the details may have changed in 6.x, but it gives you the idea of what you can do. As the mail server is not on ClearOS, you can only use the port-based method and not the owner-based method. You will also need to check which routing tables exist and what they are called now.
  • Accepted Answer

    Monday, August 18 2014, 08:56 PM
    I have a mail server that sits behind the ClearOS system:

    MailServer->ClearOS->Internet

    If I disable eth2, then I am able to telnet to external SMTP ports all day from my mail server. Is there some other setting I am missing? The mail server has a 1-1 NAT entry for both WAN interfaces (all protocols are forwarded; I'm doing inbound filtering on my routers).

    Thanks,
    Greg
  • Accepted Answer

    Monday, August 18 2014, 07:57 AM
    Hi Greg,

    I have exactly the same sort of configuration as yourself, and I have a destination port rule (although for a ppp interface). The logic should be the same, and this works as expected. Well, I think so anyway! Are you using Clear as the mail server, or do you have LAN clients accessing an external SMTP? What happens if you try and telnet to an SMTP server externally using a client on your LAN? It's just possible that the internal mail server may have its route defined elsewhere, and this will not play nicely with the port rule.