Port Openings

Unanswered Question
Jul 26th, 2007
I would like to allow the outside world to access SMTP on port 587 instead of the traditional port 25, for an Outlook Exchange 2007 server. *** Port 995 is for incoming traffic, which replaces the standard POP3 port 110.

Please let me know what I need to do and how to do it on the following configuration of my router. Thanks.


ip http server
ip http authentication local
ip http secure-server
ip nat inside source list NAT interface FastEthernet0/1.200 overload
ip nat inside source static 10.1.0.11 216.108.201.35
!
ip access-list extended NAT
 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
 deny ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
 permit ip 10.0.0.0 0.255.255.255 any

ip access-list extended Outside
 permit tcp 63.146.60.0 0.0.0.255 any eq 22
 permit tcp host 64.141.139.190 any eq 22
 permit tcp any host 216.109.202.35 eq www
 permit tcp any host 216.109.202.35 eq 443
 permit tcp any host 216.109.202.36 eq www
 permit tcp any host 216.109.202.36 eq 443
 permit tcp any host 216.109.202.34 eq smtp
 permit tcp any host 216.109.202.34 eq www
 permit tcp any host 216.109.202.34 eq 443
 permit gre host 65.89.86.102 host 216.109.202.33 log
 permit icmp any any echo-reply
 permit esp any any
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 deny ip any any log

ip access-list extended Policy-NAT
 permit ip host 10.1.0.11 192.168.2.0 0.0.0.255

ip access-list extended Split
 permit ip 10.0.0.0 0.255.255.255 any
 permit ip 192.168.1.0 0.0.0.255 any

ip access-list extended VoIP
 permit tcp 10.1.0.0 0.0.255.255 host 192.168.1.1 eq www
 permit tcp 10.1.0.0 0.0.255.255 host 192.168.1.254 eq www
 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.1 eq www
 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.254 eq www

ip access-list extended nat

ip access-list extended outside
 permit tcp any host 216.108.201.35 eq 587

ip access-list extended policy-nat
 permit ip host 10.1.0.11 192.0.0.0 0.255.255.255

ip access-list extended unlock
 permit ip any any
 permit gre any any
 permit esp any any
 permit ahp any any
 permit icmp any any
!
access-list 145 permit tcp 216.0.0.0 0.255.255.255 any eq 22
!
!
!
route-map NONAT permit 10
 match ip address Policy-NAT
 set interface Loopback0
!
!

purohit_810 Thu, 07/26/2007 - 12:09
Block the Port 25 smtp... Run your Mail application on 587. Open 587 Port.


And Enjoy.


Regards,

Dharmesh Purohit

mikntwd49508 Thu, 07/26/2007 - 16:25

To block port 25 smtp, I do?

Like this?

config t

config#) no ip access-list extended outside

config#) permit any 216.x.x.x eq smtp


Thanks,

rajatsetia Thu, 07/26/2007 - 22:37

Hi,


As per your configuration, the router has nothing to do with your application other than to allow or disallow traffic as per the access-list applied by you.


As you will be running your SMTP application on a port other than the standard port 25, change your access-list "outside" and permit port 587 towards the SMTP server.


HTH


rgds
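
Added example, not part of the thread or any poster's code: a small Python check over a few lines copied from the configuration in the question. It lists which named ACL permits a given TCP port and flags ACL names that differ only by letter case, since IOS treats named ACLs as case-sensitive and the posted configuration contains both "Outside" and "outside". The function names and the sample excerpt are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the configuration in the question.
CONFIG = """\
ip access-list extended Outside
 permit tcp any host 216.109.202.34 eq smtp
 permit tcp any host 216.109.202.34 eq 443
 deny ip any any log
ip access-list extended outside
 permit tcp any host 216.108.201.35 eq 587
"""

PORT_NAMES = {"smtp": 25, "www": 80, "pop3": 110}  # IOS port keywords

def parse_acls(text):
    """Map each named extended ACL to its 'tcp any host X eq P' entries."""
    acls, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        head = re.match(r"ip access-list extended (\S+)$", line)
        if head:
            current = head.group(1)
            acls[current]  # register the ACL even if it has no entries
            continue
        rule = re.match(r"(permit|deny) tcp any host (\S+) eq (\S+)", line)
        if rule and current:
            action, host, port = rule.groups()
            number = PORT_NAMES.get(port) or (int(port) if port.isdigit() else None)
            if number is not None:
                acls[current].append((action, host, number))
    return dict(acls)

def acls_permitting(acls, port):
    """List (acl_name, destination_host) pairs that permit the TCP port."""
    return [(name, host) for name, rules in acls.items()
            for action, host, number in rules
            if action == "permit" and number == port]

def case_collisions(acls):
    """Group ACL names that differ only by letter case (IOS treats them as distinct)."""
    groups = defaultdict(list)
    for name in acls:
        groups[name.lower()].append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    parsed = parse_acls(CONFIG)
    print("port 25 :", acls_permitting(parsed, 25))
    print("port 587:", acls_permitting(parsed, 587))
    print("names differing only by case:", case_collisions(parsed))
```

Which of these ACLs is bound to the outside interface is not shown in the posted configuration; the interface's ip access-group statement on the router tells you which one actually filters inbound traffic.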
