NAT mail server internet

Unanswered Question
Oct 30th, 2007

Hi,

I would access my mail server from outside my lan.

I had configure follow instructions, but i still not having access to my mail server by my mail client from outside of lan.

Could anybody help me?

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname mtech_lab_dti_csco

!

boot-start-marker

boot-end-marker

!

!

no network-clock-participate slot 1

no network-clock-participate wic 0

aaa new-model

!

!

aaa session-id common

ip subnet-zero

ip cef

!

!

!

no ftp-server write-enable

!

!

!

!

interface FastEthernet0/0

ip address 192.168.0.248 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 41.x.x.253 255.255.254.0

ip nat outside

duplex auto

speed auto

!

ip nat inside source list 1 interface FastEthernet0/1 overload

ip nat inside source static tcp 192.168.0.6 110 41.223.40.253 110 extendable

ip nat inside source static tcp 192.168.0.6 25 41.223.40.253 25 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 41.223.40.1

FastEthernet0/0

ip http server

!

access-list 1 permit any

!

line con 0

line aux 0

line vty 0 4

transport input telnet

!

!

!

end

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Kevin Dorrell Tue, 10/30/2007 - 07:07

I cannot see anything wrong with that. Have you tried:

access-list 6 192.168.0.6

debug ip nat 6

?

Kevin Dorrell

Luxembourg

Kevin Dorrell Thu, 11/01/2007 - 11:07

Antonio, that wasn't supposed to solve the problem. It was supposed to let you see what is going on so we can debug it. Did you get any debug output from it? If so, could you post it please?

Kevin Dorrell

Luxembourg

Antonio Brandao Mon, 11/05/2007 - 07:59

Hi Kevin,

when a put this line :

- access-list 6 192.168.0.6

router returns follow error

- % Invalid input detected at '^' marker.

Could you review the code that you sent to me ?

Att

AB

thotsaphon Mon, 11/05/2007 - 08:23

Hi Antonio.

your existing configuration should be OK.I wanna ask you questions.

-Are you using 255.255.254.0 for the fastethernet 0/1?

-Are you using POP3 for getting mails from the outside?

-Can you perfectly use mail clients from inside?

-To make sure that you use the name for referencing the mail server in your mail client configuration. Lets say mailtest.xxxx.com.

-To make sure that you can resolve mailtest.xxxx.com from the internet to 41.223.40.253.

IF YOU ARE USING IP ADDRESS : 192.168.0.6 for doing that. YOU SHOULD NOT USE POP3 from the outside.

Hopes this helps

Thot

Antonio Brandao Mon, 11/05/2007 - 08:42

Hi thot, follow my answers :

-Are you using 255.255.254.0 for the fastethernet 0/1?

Yes, is a subnet range of our outside Network.

-Are you using POP3 for getting mails from the outside?

Yes, our mail server is in our inside network

-Can you perfectly use mail clients from inside?

Yes, no problem

-To make sure that you use the name for referencing the mail server in your mail client configuration. Lets say mailtest.xxxx.com.

I'm putting direct ip address in my mail client

41.223.40.253:110

41.223.40.253:25

-To make sure that you can resolve mailtest.xxxx.com from the internet to 41.223.40.253.

IF YOU ARE USING IP ADDRESS : 192.168.0.6 for doing that. YOU SHOULD NOT USE POP3 from the outside.

Why ? Which other way to do this ?

Im very confused with this problem.

AB

thotsaphon Mon, 11/05/2007 - 18:57

Hi Antonio

Good to know you use the fixed IPs for referencing the mail server.

Is there any connection from the outside or not? we need to verify this step first.when you try to access the mail sever from the outside please let me know what you see when you do "sh ip nat translation | inc :25|:100".

Hopes this helps

Thot

Antonio Brandao Tue, 11/06/2007 - 08:25

Hi Thot,

Follow the output :

mtech_lab_dti_csco#sh ip nat translation | inc :25|:110

tcp 41.223.40.253:110 192.168.0.6:110 41.223.40.1:33945 41.223.40.1:33945

tcp 41.223.40.253:25 192.168.0.6:25 41.223.40.1:36232 41.223.40.1:36232

tcp 41.223.40.253:25 192.168.0.6:25 --- ---

tcp 41.223.40.253:110 192.168.0.6:110 --- ---

Antonio

Antonio Brandao Tue, 11/06/2007 - 08:34

Hi Kevin

Follow the outputs :

mtech_lab_dti_csco#

*Mar 2 08:59:10.977: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3208]

*Mar 2 08:59:13.974: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3209]

*Mar 2 08:59:14.848: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45608]

*Mar 2 08:59:17.845: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45609]

*Mar 2 08:59:19.972: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3210]

*Mar 2 08:59:23.842: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45610]

*Mar 2 08:59:31.972: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3211]

*Mar 2 08:59:35.842: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45611]

*Mar 2 08:59:55.971: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3212]

*Mar 2 08:59:59.841: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45612]

intelide3 Tue, 11/06/2007 - 05:06

hi,

have you tried telneting your POP and SMTP from outside?

i dont see any problem with your config.

intelide3 Tue, 11/06/2007 - 16:03

hmm..

inside interface up? mail server up? and have a correct gateway? do you have another firewall/ips behind the router?

strange -

Antonio Brandao Wed, 11/07/2007 - 00:00

Hi intelide,

inside interface up?

Yes

mail server up?

Yes

and have a correct gateway?

Yes

do you have another firewall/ips behind the router?

No

AB

Actions

This Discussion