D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: obeiro on June 21, 2012, 09:42:47 AM

Title: Can't access SMTP public IP from LAN
Post by: obeiro on June 21, 2012, 09:42:47 AM

Hi,
I'm trying to harden our firewall rules since they were a bit too loose :-).
So, I've got an good old DFL-800 and I've disabled: lan_to_wan1 -> allow_standard rule (you can send every packet to the net) and set  allow (NAT) rules for main services: DNS, web, imap, pop, smtp, etc.
Everything works fine, except for a single thing.

We have a Relay SMTP server in our LAN.

• If a computer in the LAN uses a local IP: email is sent.
• If a laptop uses SMTP public IP the packet is dropped.

Log shows:
2012-06-21 17:34:17    Warning    RULE 6000051    Default_Rule    TCP lan   <Private IP>-<Public IP>   3828-25    ruleset_drop_packet  drop

So I thought: OK I've forgot to open SMTP port to the internet.
wan1_to_lan-> allow_smtp_nat NAT any  all-nets core wan1_ip smtp
wan1_to_lan-> allow_smtp_sat SAT any  all-nets core wan1_ip smtp

This seem to solve access from laptops outside our LAN, but when they are back on the LAN the problem persists.

Please ask for more info, if anything is not clear enough.

Thank you

Title: Re: Can't access SMTP public IP from LAN
Post by: obeiro on June 22, 2012, 08:25:41 AM

Hi again,

There was something wrong (there always is) and I've figured it out.

Thank you anyway.