Access-List Configuration for Mail Server

khashmi5226
Level 1

Hi Guys

I have a bit of a problem setting the access-list on my Router 2801. I have a mail server; after applying the access-list I can neither send mail nor receive mail for some reason. I am confused about this behaviour.

I have an example of the config I have set up. The mail server is an SMTP Gateway (MailMarshal). I would appreciate it if someone has any suggestions about it.

Port forwarding won't work, because I won't be able to send out mail then.

I am not blocking any traffic going out.

NAT FOR MAIL SERVER

ip nat inside source static <inside ip> <outside ip>

ACL FOR SMTP PORT

access-list 110 permit tcp any host <outside ip> eq 25

APPLYING ACL

Interface Faste 0/1

*** Connects to the ISP ***

ip access-group 110 in

Thanks in advance

5 Replies

I think you need to also allow the TCP established sessions when you configure the ACLs. You may want to try access-list 110 permit tcp any any established

Thanks Ganesh

My new access-list

access-list 110 permit tcp any host eq smtp

access-list 110 permit tcp any any established

Still no help ...

The thing I am confused about is that if there is a problem with the access-list, it should be only mail coming in.

But I can't send mail out either.

Thanks

Can you post the config after removing any sensitive info?

That would help in quickly identifying the problem.

a.iliev
Level 1

Hi Mate,

Try this

"ip nat inside source static tcp 25 25 extendable"

Plus, you are sourcing traffic from the server out and also receiving, so add the following:

"access-list 110 permit tcp any eq 25 host "

And, you will be able to send mail as the port forwarding is bidirectional.

BR

Thanks for all your help, guys.

The issue was with the SMTP gateway: it was doing a reverse DNS lookup, and a DNS port needed to be allowed through.

Thanks for all your help.
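
Added example, not part of the thread: a small Python model of first-match evaluation for the inbound ACL discussed above, showing why return traffic for outbound SMTP needs the `established` entry and why UDP DNS replies to the gateway's reverse lookups still hit the implicit deny. The address 203.0.113.10 stands in for `<outside ip>`, the remote hosts and ports are constructed, and the `permit udp any eq 53` entry is an assumed form of the DNS rule, which the thread does not quote.

```python
from dataclasses import dataclass

MAIL = "203.0.113.10"  # constructed stand-in for <outside ip>

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN", "ACK"}

def parse_ace(line):
    """Parse a subset of IOS extended ACL syntax: any | host X, eq N, established."""
    tok = line.split()
    ace = {"action": tok[0], "proto": tok[1]}
    i = 2
    for side in ("src", "dst"):
        if tok[i] == "any":
            ace[side], i = None, i + 1
        else:  # "host A.B.C.D"
            ace[side], i = tok[i + 1], i + 2
        ace[side + "_port"] = None
        if i < len(tok) and tok[i] == "eq":
            ace[side + "_port"], i = int(tok[i + 1]), i + 2
    ace["established"] = "established" in tok[i:]
    return ace

def matches(ace, p):
    fields = (("proto", p.proto), ("src", p.src), ("dst", p.dst),
              ("src_port", p.sport), ("dst_port", p.dport))
    if any(ace[k] not in (None, v) for k, v in fields):  # None means "any"
        return False
    # "established" matches only TCP segments that carry ACK or RST
    return not ace["established"] or bool(p.flags & {"ACK", "RST"})

def evaluate(acl, p):
    """First matching entry wins; no match falls through to the implicit deny."""
    return next((a["action"] for a in map(parse_ace, acl) if matches(a, p)), "deny")

ACL_FIRST_POST = [f"permit tcp any host {MAIL} eq 25"]
ACL_ESTABLISHED = ACL_FIRST_POST + ["permit tcp any any established"]
ACL_WITH_DNS = ACL_ESTABLISHED + [f"permit udp any eq 53 host {MAIL}"]  # assumed rule

# Constructed packets arriving inbound on the ISP-facing interface
SMTP_IN = Packet("tcp", "198.51.100.7", 40000, MAIL, 25, frozenset({"SYN"}))
SMTP_RETURN = Packet("tcp", "198.51.100.7", 25, MAIL, 41000, frozenset({"SYN", "ACK"}))
DNS_REPLY = Packet("udp", "192.0.2.53", 53, MAIL, 53000)
```

Narrowing `any` in the DNS entry to the resolvers the gateway actually queries keeps this stateless rule from admitting arbitrary UDP traffic sourced from port 53.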