Cannot open port for Mail Server on Orange

taufa
Posts: 5
Joined: September 24th, 2017, 8:29 pm

Cannot open port for Mail Server on Orange

Post by taufa » September 24th, 2017, 9:29 pm

My current network is set up as below:

DNS/DHCP/Active Directory/Domain Controller Server is on Green (192.168.1.3). It has a record for mx and the host mail server 192.168.2.2
Image

My firewall rules are configured to allow internet only through the web proxy
Image

I've enabled DMZ on the ISP router/Modem (192.168.3.1) and set it to (DMZ = 192.168.2.1)

I've allowed incoming required mail ports (143, 587, 995) in the mail server in-built firewall.

Mail services are listening on 143, 587, 995 in the mail server (192.168.2.2)

From my understanding, everything is open to ORANGE, except that RED to ORANGE requires port forwarding

I've tried every configuration to allow traffic from RED or Any to ORANGE from http://wiki.ipfire.org/en/configuration ... forwarding

I used http://canyouseeme.org/ and https://www.yougetsignal.com/tools/open-ports/ to test my ports but still cannot see my ports as open. So basically my ports are still closed

I had the same problem before with IPCop and it took me forever to get the right firewall rule configuration. I would really appreciate any help given. Plus I still don't understand how the NAT option works (destination NAT, source NAT) when port forwarding.

taufa
Posts: 5
Joined: September 24th, 2017, 8:29 pm

Re: Cannot open port for Mail Server on Orange

Post by taufa » September 24th, 2017, 9:46 pm

Forgot to mention that IPFire is running on VirtualBox in a Machine with 4 NICs

Each GREEN, RED, ORANGE are bridged to their own ethernet ports and the last port is used for a different connection to Green

fredym
Posts: 219
Joined: November 14th, 2016, 2:45 pm

Re: Cannot open port for Mail Server on Orange

Post by fredym » September 25th, 2017, 6:05 am

taufa wrote (September 24th, 2017, 9:29 pm):
> From my understanding, everything is open to ORANGE, except that RED to ORANGE requires port forwarding

Yes -> do it and it works!

> I had the same problem before with IPCop and it took me forever to get the right firewall rule configuration. I would really appreciate any help given. Plus I still don't understand how the NAT option works (destination NAT, source NAT) when port forwarding.

hello,

IMHO it is nonsense
rule
green -> green:53
green -> green:800

there are AFAIK no port forwards defined for RED->Orange!

Your mailserver should have a route setting to GREEN and a portforward (all needed ports) ORANGE -> GREEN

Fred

wilbert fontana
Posts: 19
Joined: March 8th, 2013, 9:27 pm

Re: Cannot open port for Mail Server on Orange

Post by wilbert fontana » September 25th, 2017, 8:14 pm

Hi,
can you try this :
Image

fredym
Posts: 219
Joined: November 14th, 2016, 2:45 pm

Re: Cannot open port for Mail Server on Orange

Post by fredym » September 26th, 2017, 6:33 am

Hello,
not sure to give more ports on a field....
did here ONE port per "line" (each port its own rule)
and... say source port -> destination port

from any (?) or specified server to port 25 -forward to - server2:25

and don't forget to set route on server2 (only needed if you want replay "packets" from destination)

Fred

taufa
Posts: 5
Joined: September 24th, 2017, 8:29 pm

Re: Cannot open port for Mail Server on Orange

Post by taufa » September 26th, 2017, 6:57 am

wilbert fontana wrote (September 25th, 2017, 8:14 pm):
> Hi,
> can you try this :
> Image

I still can't open port with this firewall rule, thanks for your help though

wilbert fontana
Posts: 19
Joined: March 8th, 2013, 9:27 pm

Re: Cannot open port for Mail Server on Orange

Post by wilbert fontana » September 26th, 2017, 8:20 am

Sure, it's one port per rule...

Try this one:

Image

taufa
Posts: 5
Joined: September 24th, 2017, 8:29 pm

Re: Cannot open port for Mail Server on Orange

Post by taufa » September 27th, 2017, 7:15 am

This rule still doesn't work.

Thanks for the help guys

Arne.F
Core Developer
Posts: 7473
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: Cannot open port for Mail Server on Orange

Post by Arne.F » September 27th, 2017, 7:22 am

> I've enabled DMZ on the ISP router/Modem (192.168.3.1) and set it to (DMZ = 192.168.2.1)

This is wrong because the modem cannot reach 192.168.2.1; you have to set the DMZ to the RED IP of the IPFire (192.168.3.2) to forward the ports.

Arne


taufa
Posts: 5
Joined: September 24th, 2017, 8:29 pm

Re: Cannot open port for Mail Server on Orange

Post by taufa » October 3rd, 2017, 4:19 am

Arne.F wrote (September 27th, 2017, 7:22 am):
> > I've enabled DMZ on the ISP router/Modem (192.168.3.1) and set it to (DMZ = 192.168.2.1)
>
> This is wrong because the modem cannot reach 192.168.2.1; you have to set the DMZ to the RED IP of the IPFire (192.168.3.2) to forward the ports.

Thank you so much, that was the problem. I overlooked it, it's working now
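
The fix found in this thread can be checked mechanically. The following is an added example, not part of any post above: it walks a chained port forward (ISP router, then IPFire) and flags any hop whose target is not on a subnet directly connected to the forwarding device. The addresses are those given in the thread; the /24 prefix lengths, the absence of extra static routes, and all function names are assumptions.

```python
import ipaddress

# Addresses come from the thread; the /24 prefix lengths are assumed.
ISP_ROUTER = {"name": "ISP router", "interfaces": {"LAN": "192.168.3.1/24"}}
IPFIRE = {"name": "IPFire",
          "interfaces": {"RED": "192.168.3.2/24", "ORANGE": "192.168.2.1/24"}}
MAIL_SERVER = "192.168.2.2"


def on_link_interface(device, target):
    """Name of the interface whose subnet contains target, or None."""
    addr = ipaddress.ip_address(target)
    for name, cidr in device["interfaces"].items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None


def owns_address(device, target):
    """True if target is configured on one of the device's interfaces."""
    addr = ipaddress.ip_address(target)
    return any(ipaddress.ip_interface(cidr).ip == addr
               for cidr in device["interfaces"].values())


def check_chain(hops):
    """hops is a list of (device, forward_target); returns problem strings."""
    problems = []
    for i, (device, target) in enumerate(hops):
        if on_link_interface(device, target) is None:
            # Owning the address is not enough: the forwarding device must
            # reach it on a directly connected subnet (no extra routes assumed).
            problems.append(
                f"{device['name']}: {target} is not on a directly connected subnet")
        elif i + 1 < len(hops) and not owns_address(hops[i + 1][0], target):
            problems.append(
                f"{device['name']}: {target} is not an address of {hops[i + 1][0]['name']}")
    return problems


# Configuration from the first post, then the one that worked.
BROKEN = [(ISP_ROUTER, "192.168.2.1"), (IPFIRE, MAIL_SERVER)]
FIXED = [(ISP_ROUTER, "192.168.3.2"), (IPFIRE, MAIL_SERVER)]

if __name__ == "__main__":
    for label, chain in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_chain(chain) or "ok")
```
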
