Cisco 827 -> SMTP nat problem!

Post by gedm » Fri, 30 Jan 2004 16:50:19


Hello everybody, I'm trying to NAT port 25 on Dialer0 to the
one on my LAN SMTP server, but unfortunately it doesn't work at
all :( The strange thing is that all the other forwards work without
problems (port 80,110,149 etc...)! So I thought it could be a
misconfiguration inside the email server, but I checked it more than
once and I didn't find errors. As another test I configured the
router to NAT port 26 to the internal server port 25 and
everything worked perfectly!

While doing a port scan with a free internet site that does such
things, I noticed that with a minimal configuration of the router,
ports 25, 139 and 445 show up as filtered/stealth mode without any
policies configured on the router! So I started to think that the
router filters these ports by itself, ignoring the access-list I created
and so on! I can't see where the error is, and I'll be
grateful to anybody who can give me hints on how to fix
this situation.

I'll attach my router configuration in which you can see that I
enabled smtp, nat etc...

Thank you guys
Cheers

Matteo


c827#sh run
Building configuration...

Current configuration : 3352 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname c827
!
logging rate-limit console 10 except errors
no logging monitor
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
!
username admin password 7 xxxxxxxxxxxxxxxxxxxxxx
clock timezone Rome 1
clock summer-time Rome recurring
mmi polling-interval 60
mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
ip domain-name xxxxxxxxx
!
ip dhcp pool CLIENT
network 192.168.0.0 255.255.255.0
domain-name xxxxxxxxxxx
default-router 192.168.0.254
dns-server 195.130.224.18 195.130.225.129
lease 0 2
!
no ip dhcp-client network-discovery
!
!
!
interface Ethernet0
description LAN
ip address 192.168.0.254 255.255.255.0
no ip proxy-arp
ip nat inside
no cdp enable
hold-queue 32 in
!
interface ATM0
description INTERNET
bandwidth 640
no ip address
ip access-group 101 in
ip nat outside
no atm ilmi-keepalive
pvc 0/16 ilmi
!
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
dsl operating-mode auto
!
interface Dialer0
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
no cdp enable
ppp chap hostname xxxxxxxxx
ppp chap password 7 xxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxx password 7 xxxxxxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.252 25 interface Dialer0 25
ip nat inside source static tcp 192.168.0.200 4662 interface Dialer0 4662
ip nat inside source static tcp 192.168.0.252 6881 interface Dialer0 6881
ip nat inside source static tcp 192.168.0.252 6882 interface Dialer0 6882
ip nat inside source static tcp 192.168.0.252 6885 interface Dialer0 6885
ip nat inside source static tcp 192.168.0.252 6884 interface Dialer0 6884
ip nat inside source static tcp 192.168.0.252 6883 interface Dialer0 6883
ip nat inside source static udp 192.168.0.200 4672 interface Dialer0 4672
ip nat inside source static tcp 192.168.0.252 22 interface Dialer0 22
ip
 
 
 

Post by KR » Fri, 30 Jan 2004 18:35:39


Your ISP is probably blocking these ports. It is not uncommon for ISPs
to block NetBIOS ports to keep out viruses and exploits, and they
usually block port 25 to prevent spam relaying. If that is the case with
your ISP, then there is very little you can do about it.
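
Before settling on upstream filtering, the router side can be ruled out by checking every static forward against the inbound ACLs in the saved config. The script below is an added example, not code from either poster; the sample config is constructed, its access-list 101 entries are assumptions (the posted config is cut off before any ACL lines), and only the simple `any any [eq port]` entry form is parsed.

```python
import re

# Constructed sample in the style of the posted config; the ACL 101 entries
# are assumptions, not taken from the thread.
SAMPLE = """\
interface ATM0
 ip access-group 101 in
ip nat inside source static tcp 192.168.0.252 25 interface Dialer0 25
ip nat inside source static tcp 192.168.0.200 4662 interface Dialer0
4662
access-list 101 permit tcp any any eq 4662
access-list 101 deny tcp any any eq smtp
access-list 101 permit ip any any
"""

# "show run" prints well-known ports by name rather than number.
PORT_NAMES = {"smtp": "25", "www": "80", "pop3": "110", "telnet": "23"}
NAT_RE = re.compile(r"ip nat inside source static (tcp|udp) \S+ \d+ interface \S+ (\d+)$")
ACL_RE = re.compile(r"access-list (\d+) (permit|deny) (ip|tcp|udp) any any(?: eq (\S+))?$")
GRP_RE = re.compile(r"ip access-group (\d+) in$")

def unwrap(cfg):
    """Rejoin lines a news client wrapped, such as a lone '4662'."""
    out = []
    for line in (raw.strip() for raw in cfg.splitlines()):
        if out and re.fullmatch(r"\d+", line):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def acl_action(lines, acl, proto, port):
    """First match wins; a populated ACL ends in an implicit deny."""
    rules = [m for m in map(ACL_RE.match, lines) if m and m[1] == acl]
    if not rules:
        return "permit"  # IOS treats a referenced but undefined ACL as permit-all
    for m in rules:
        if m[3] in ("ip", proto) and (m[4] is None or PORT_NAMES.get(m[4], m[4]) == str(port)):
            return m[2]
    return "deny"

def blocked_forwards(cfg):
    """Return (acl, proto, outside_port) for each forward an inbound ACL denies."""
    lines = unwrap(cfg)
    acls = [m[1] for m in map(GRP_RE.match, lines) if m]
    fwds = [(m[1], int(m[2])) for m in map(NAT_RE.match, lines) if m]
    # Inbound ACLs are evaluated before NAT, so test the outside port.
    return [(a, proto, port) for proto, port in fwds for a in acls
            if acl_action(lines, a, proto, port) == "deny"]
```

An empty result means the visible config does not block any of the forwards, which leaves filtering upstream of the router as the remaining explanation.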