Cisco 827 -> SMTP nat problem!

Post by gedm » Fri, 30 Jan 2004 16:50:19

Hello everybody, I'm trying to NAT port 25 on Dialer0 to the one on
my LAN SMTP server, but unfortunately it doesn't work at all :( The
strange thing is that all the other forwards work without problems
(port 80,110,149 etc...)! So I thought it could be a misconfiguration
in the email server, but I checked it more than once and I didn't
find errors. As another test I configured the router to NAT port 26
to the internal server's port 25 and everything worked perfectly!

While doing a port scan with a free internet site that does such
things, I noticed that with a minimal configuration of the router,
ports 25, 139 and 445 show up as filtered/stealth without any
policies configured on the router! So I started to think that the
router filters these ports by itself, ignoring the access-list I
created and so on! I can't see where the error is, and I'll be
grateful to anybody who can give me hints on how to fix this
situation.

I'll attach my router configuration in which you can see that I
enabled smtp, nat etc...

Thank you guys


c827#sh run
Building configuration...

Current configuration : 3352 bytes
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname c827
logging rate-limit console 10 except errors
no logging monitor
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
username admin password 7 xxxxxxxxxxxxxxxxxxxxxx
clock timezone Rome 1
clock summer-time Rome recurring
mmi polling-interval 60
mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
ip domain-name xxxxxxxxx
ip dhcp pool CLIENT
 domain-name xxxxxxxxxxx
 lease 0 2
no ip dhcp-client network-discovery
interface Ethernet0
 description LAN
 ip address
 no ip proxy-arp
 ip nat inside
 no cdp enable
 hold-queue 32 in
interface ATM0
 description INTERNET
 bandwidth 640
 no ip address
 ip access-group 101 in
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/16 ilmi
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 dsl operating-mode auto
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp chap hostname xxxxxxxxx
 ppp chap password 7 xxxxxxxxxxx
 ppp pap sent-username xxxxxxxxxxx password 7 xxxxxxxxxxxxx
ip classless
ip route Dialer0
no ip http server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 25 interface Dialer0 25
ip nat inside source static tcp 4662 interface Dialer0
ip nat inside source static tcp 6881 interface Dialer0
ip nat inside source static tcp 6882 interface Dialer0
ip nat inside source static tcp 6885 interface Dialer0
ip nat inside source static tcp 6884 interface Dialer0
ip nat inside source static tcp 6883 interface Dialer0
ip nat inside source static udp 4672 interface Dialer0
ip nat inside source static tcp 22 interface Dialer0 22

Post by KR » Fri, 30 Jan 2004 18:35:39

Your ISP is probably blocking these ports. It is not uncommon for ISPs
to block NetBIOS ports to keep out viruses and exploits, and they
usually block port 25 to prevent spam relaying. If that is the case with
your ISP, then there is very little you can do about it.
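
One way to separate upstream filtering from a router or server fault, as an added example that is not part of the original thread: probe ports 25 and 26 from a host outside the ISP's network and compare the results, following the poster's test with the port 26 forward. The function names and result labels are hypothetical, chosen for this example.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP port as seen from this host.
    open     - handshake completed
    closed   - RST came back (path is clear, nothing listening or forwarded)
    filtered - no answer or ICMP error (SYN dropped somewhere on the path)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host/net unreachable, admin-prohibited
        return "filtered"

def diagnose(results, smtp_port=25, alt_port=26):
    """Apply the thread's reasoning; labels are hypothetical, chosen for this example.
    alt_port is the test forward that maps to the same internal server port 25."""
    smtp, alt = results.get(smtp_port), results.get(alt_port)
    if smtp == "open":
        return "smtp_reachable"
    if alt == "open" and smtp == "filtered":
        # Server and NAT work via alt_port; SYNs to 25 are dropped before the
        # static mapping is used (ISP filter, or an ACL on the outside interface).
        return "port_25_filtered_on_path"
    if alt == "open" and smtp == "closed":
        # Something answered with RST: packets arrive, the mapping for 25 does not.
        return "check_static_nat_entry"
    return "inconclusive"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # public address of the router, probed from outside
        seen = {p: probe(sys.argv[1], p) for p in (25, 26)}
    else:  # constructed sample matching what the poster reported
        seen = {25: "filtered", 26: "open"}
    print(seen, "->", diagnose(seen))
```

A "filtered" result alone does not say who drops the packets; comparing it with the hit counters on the router's own access-list shows whether the SYNs reach the router at all.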