NAT mail server internet

Antonio Brandao · ‎10-30-2007

Hi,

I would access my mail server from outside my lan.

I had configure follow instructions, but i still not having access to my mail server by my mail client from outside of lan.

Could anybody help me?

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname mtech_lab_dti_csco

!

boot-start-marker

boot-end-marker

!

no network-clock-participate slot 1

no network-clock-participate wic 0

aaa new-model

!

aaa session-id common

ip subnet-zero

ip cef

!

no ftp-server write-enable

!

interface FastEthernet0/0

ip address 192.168.0.248 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 41.x.x.253 255.255.254.0

ip nat outside

duplex auto

speed auto

!

ip nat inside source list 1 interface FastEthernet0/1 overload

ip nat inside source static tcp 192.168.0.6 110 41.223.40.253 110 extendable

ip nat inside source static tcp 192.168.0.6 25 41.223.40.253 25 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 41.223.40.1

FastEthernet0/0

ip http server

!

access-list 1 permit any

!

line con 0

line aux 0

line vty 0 4

transport input telnet

!

end

Kevin Dorrell · ‎10-30-2007

I cannot see anything wrong with that. Have you tried:

access-list 6 192.168.0.6

debug ip nat 6

?

Kevin Dorrell

Luxembourg

Antonio Brandao · ‎11-01-2007

Hi Kevin,

I tried this, but did not work.

what can be happening?

Antonio

Kevin Dorrell · ‎11-01-2007

Antonio, that wasn't supposed to solve the problem. It was supposed to let you see what is going on so we can debug it. Did you get any debug output from it? If so, could you post it please?

Kevin Dorrell

Luxembourg

Antonio Brandao · ‎11-05-2007

Hi Kevin,

when a put this line :

- access-list 6 192.168.0.6

router returns follow error

- % Invalid input detected at '^' marker.

Could you review the code that you sent to me ?

Att

AB

Kevin Dorrell · ‎11-05-2007

Sorry,

access-list 6 permit 192.168.0.6

Thotsaphon Lueangwattanaphong · ‎11-05-2007

Hi Antonio.

your existing configuration should be OK.I wanna ask you questions.

-Are you using 255.255.254.0 for the fastethernet 0/1?

-Are you using POP3 for getting mails from the outside?

-Can you perfectly use mail clients from inside?

-To make sure that you use the name for referencing the mail server in your mail client configuration. Lets say mailtest.xxxx.com.

-To make sure that you can resolve mailtest.xxxx.com from the internet to 41.223.40.253.

IF YOU ARE USING IP ADDRESS : 192.168.0.6 for doing that. YOU SHOULD NOT USE POP3 from the outside.

Hopes this helps

Thot

Antonio Brandao · ‎11-05-2007

Hi thot, follow my answers :

-Are you using 255.255.254.0 for the fastethernet 0/1?

Yes, is a subnet range of our outside Network.

-Are you using POP3 for getting mails from the outside?

Yes, our mail server is in our inside network

-Can you perfectly use mail clients from inside?

Yes, no problem

-To make sure that you use the name for referencing the mail server in your mail client configuration. Lets say mailtest.xxxx.com.

I'm putting direct ip address in my mail client

41.223.40.253:110

41.223.40.253:25

-To make sure that you can resolve mailtest.xxxx.com from the internet to 41.223.40.253.

IF YOU ARE USING IP ADDRESS : 192.168.0.6 for doing that. YOU SHOULD NOT USE POP3 from the outside.

Why ? Which other way to do this ?

Im very confused with this problem.

AB

Thotsaphon Lueangwattanaphong · ‎11-05-2007

Hi Antonio

Good to know you use the fixed IPs for referencing the mail server.

Is there any connection from the outside or not? we need to verify this step first.when you try to access the mail sever from the outside please let me know what you see when you do "sh ip nat translation | inc :25|:100".

Hopes this helps

Thot

Antonio Brandao · ‎11-06-2007

Hi Thot,

Follow the output :

mtech_lab_dti_csco#sh ip nat translation | inc :25|:110

tcp 41.223.40.253:110 192.168.0.6:110 41.223.40.1:33945 41.223.40.1:33945

tcp 41.223.40.253:25 192.168.0.6:25 41.223.40.1:36232 41.223.40.1:36232

tcp 41.223.40.253:25 192.168.0.6:25 --- ---

tcp 41.223.40.253:110 192.168.0.6:110 --- ---

Antonio

Antonio Brandao · ‎11-07-2007

Hi Thot,

do you have any idea about this problem ?

AB

Antonio Brandao · ‎11-06-2007

Hi Kevin

Follow the outputs :

mtech_lab_dti_csco#

*Mar 2 08:59:10.977: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3208]

*Mar 2 08:59:13.974: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3209]

*Mar 2 08:59:14.848: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45608]

*Mar 2 08:59:17.845: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45609]

*Mar 2 08:59:19.972: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3210]

*Mar 2 08:59:23.842: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45610]

*Mar 2 08:59:31.972: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3211]

*Mar 2 08:59:35.842: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45611]

*Mar 2 08:59:55.971: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3212]

*Mar 2 08:59:59.841: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45612]

intelide3 · ‎11-06-2007

hi,

have you tried telneting your POP and SMTP from outside?

i dont see any problem with your config.

Antonio Brandao · ‎11-06-2007

Hi intelide,

Yes, but not work.

AB

intelide3 · ‎11-06-2007

hmm..

inside interface up? mail server up? and have a correct gateway? do you have another firewall/ips behind the router?

strange -