NAT mail server internet

Unanswered Question
Oct 30th, 2007
User Badges:

Hi,


I would access my mail server from outside my lan.

I had configure follow instructions, but i still not having access to my mail server by my mail client from outside of lan.


Could anybody help me?



!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname mtech_lab_dti_csco

!

boot-start-marker

boot-end-marker

!

!

no network-clock-participate slot 1

no network-clock-participate wic 0

aaa new-model

!

!

aaa session-id common

ip subnet-zero

ip cef

!

!

!

no ftp-server write-enable

!

!

!

!

interface FastEthernet0/0

ip address 192.168.0.248 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 41.x.x.253 255.255.254.0

ip nat outside

duplex auto

speed auto

!

ip nat inside source list 1 interface FastEthernet0/1 overload

ip nat inside source static tcp 192.168.0.6 110 41.223.40.253 110 extendable

ip nat inside source static tcp 192.168.0.6 25 41.223.40.253 25 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 41.223.40.1

FastEthernet0/0

ip http server

!

access-list 1 permit any

!

line con 0

line aux 0

line vty 0 4

transport input telnet

!

!

!

end


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Kevin Dorrell Tue, 10/30/2007 - 07:07
User Badges:
  • Green, 3000 points or more

I cannot see anything wrong with that. Have you tried:


access-list 6 192.168.0.6


debug ip nat 6


?


Kevin Dorrell

Luxembourg


Kevin Dorrell Thu, 11/01/2007 - 11:07
User Badges:
  • Green, 3000 points or more

Antonio, that wasn't supposed to solve the problem. It was supposed to let you see what is going on so we can debug it. Did you get any debug output from it? If so, could you post it please?


Kevin Dorrell

Luxembourg


Antonio Brandao Mon, 11/05/2007 - 07:59
User Badges:

Hi Kevin,


when a put this line :


- access-list 6 192.168.0.6


router returns follow error


- % Invalid input detected at '^' marker.


Could you review the code that you sent to me ?


Att


AB



Kevin Dorrell Mon, 11/05/2007 - 08:15
User Badges:
  • Green, 3000 points or more

Sorry,


access-list 6 permit 192.168.0.6



thotsaphon Mon, 11/05/2007 - 08:23
User Badges:
  • Gold, 750 points or more

Hi Antonio.

your existing configuration should be OK.I wanna ask you questions.

-Are you using 255.255.254.0 for the fastethernet 0/1?

-Are you using POP3 for getting mails from the outside?

-Can you perfectly use mail clients from inside?


-To make sure that you use the name for referencing the mail server in your mail client configuration. Lets say mailtest.xxxx.com.

-To make sure that you can resolve mailtest.xxxx.com from the internet to 41.223.40.253.

IF YOU ARE USING IP ADDRESS : 192.168.0.6 for doing that. YOU SHOULD NOT USE POP3 from the outside.


Hopes this helps

Thot

Antonio Brandao Mon, 11/05/2007 - 08:42
User Badges:

Hi thot, follow my answers :



-Are you using 255.255.254.0 for the fastethernet 0/1?

Yes, is a subnet range of our outside Network.


-Are you using POP3 for getting mails from the outside?

Yes, our mail server is in our inside network


-Can you perfectly use mail clients from inside?

Yes, no problem


-To make sure that you use the name for referencing the mail server in your mail client configuration. Lets say mailtest.xxxx.com.

I'm putting direct ip address in my mail client

41.223.40.253:110

41.223.40.253:25



-To make sure that you can resolve mailtest.xxxx.com from the internet to 41.223.40.253.

IF YOU ARE USING IP ADDRESS : 192.168.0.6 for doing that. YOU SHOULD NOT USE POP3 from the outside.


Why ? Which other way to do this ?



Im very confused with this problem.


AB

thotsaphon Mon, 11/05/2007 - 18:57
User Badges:
  • Gold, 750 points or more

Hi Antonio

Good to know you use the fixed IPs for referencing the mail server.

Is there any connection from the outside or not? we need to verify this step first.when you try to access the mail sever from the outside please let me know what you see when you do "sh ip nat translation | inc :25|:100".


Hopes this helps

Thot



Antonio Brandao Tue, 11/06/2007 - 08:25
User Badges:

Hi Thot,


Follow the output :


mtech_lab_dti_csco#sh ip nat translation | inc :25|:110

tcp 41.223.40.253:110 192.168.0.6:110 41.223.40.1:33945 41.223.40.1:33945

tcp 41.223.40.253:25 192.168.0.6:25 41.223.40.1:36232 41.223.40.1:36232

tcp 41.223.40.253:25 192.168.0.6:25 --- ---

tcp 41.223.40.253:110 192.168.0.6:110 --- ---





Antonio

Antonio Brandao Tue, 11/06/2007 - 08:34
User Badges:

Hi Kevin


Follow the outputs :


mtech_lab_dti_csco#

*Mar 2 08:59:10.977: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3208]

*Mar 2 08:59:13.974: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3209]

*Mar 2 08:59:14.848: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45608]

*Mar 2 08:59:17.845: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45609]

*Mar 2 08:59:19.972: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3210]

*Mar 2 08:59:23.842: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45610]

*Mar 2 08:59:31.972: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3211]

*Mar 2 08:59:35.842: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45611]

*Mar 2 08:59:55.971: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3212]

*Mar 2 08:59:59.841: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45612]

intelide3 Tue, 11/06/2007 - 05:06
User Badges:

hi,


have you tried telneting your POP and SMTP from outside?

i dont see any problem with your config.

intelide3 Tue, 11/06/2007 - 16:03
User Badges:

hmm..


inside interface up? mail server up? and have a correct gateway? do you have another firewall/ips behind the router?


strange -

Antonio Brandao Wed, 11/07/2007 - 00:00
User Badges:

Hi intelide,


inside interface up?

Yes


mail server up?

Yes


and have a correct gateway?

Yes


do you have another firewall/ips behind the router?

No


AB

Actions

This Discussion