Help unable to send email to the outside!! :-(

[rocketlauncher]

Hello Everyone,

I hope some one could shed a light.

The situation is that I cannot send email to the outside world. But I'm able to receive email.

Settings are as following:
******************************************************
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
speed auto
!
interface Serial0/0
ip address 88.88.8.22 255.255.255.252
ip access-group 101 in
ip nat outside

I'm currently using the following NAT:

ip nat pool NATLISTNAME 99.99.99.27 99.99.99.27 netmask 255.255.255.248
ip nat inside source list 1 pool NATLISTNAME overload
ip nat inside source static tcp 192.168.0.4 110 99.99.99.26 110 extendable
ip nat inside source static tcp 192.168.0.4 25 99.99.99.26 25 extendable

LIST:
access-list 1 deny 192.168.0.4 0.0.0.0
access-list 1 permit 192.168.0.0 0.0.0.255
*********************************************************
What do I need to do in order for it to work??? Am I missing something???

Please help!!

Thanks,

Rocket

 

[jimmyzz]

Rocket,
Depends what you have on your access-list 100 and 101. Can you post them (minus the real IP address). Is 192.168.0.4 your mail server?

JimmyZ

 

[rocketlauncher]

Thanks for responding Jimmy,

I didn't define list 100 so its allowing everything on that Interface by default.

Here is List 101 assigned to S0/0:

Extended IP access list 101
10 deny tcp any any eq 2000 log
20 deny tcp any any eq 6000 log
30 deny tcp any any range 135 139 log
40 deny udp any any range 135 netbios-ss log
50 deny udp any any eq 169 log
60 deny tcp any any eq 445 log
70 deny udp any any eq 445 log
80 deny tcp any any eq 593 log
90 deny udp any any eq 4444 log
140 permit tcp any host 99.99.9.26 eq smtp
150 permit tcp any host 99.99.9.26 eq www
160 permit tcp any host 99.99.9.26 eq pop3
170 permit tcp any host 99.99.9.26 eq 1494
200 deny ip any host 99.99.9.26
210 permit ip any any

Any ideas?????

Thanks,
Rocket

 

[experimenter]

What is your email server IP? 99.99.9.26 or 99.99.99.26?
Also are you ruse DNS resolution is not denied for that IP?



Experimenter

 

[jimmyzz]

Experimenter,
I think Rocket is using 99 to hide his real IP address, though that was a pretty good pickup. The DNS issue is another good point to consider.

Rocket,
Can you check that your Mail server can resolve DNS. It may be a problem on the server rather than the router. You can check the router logs to see if the DNS requests are being denied.

JimmyZ

 

[rocketlauncher]

Hello everyone,

First of all thanks for all you help guys.

And let me tell you we have 90 % of it up and running, only one slight problem with videoconferencing:

What happens is that when we initiate a call I have no problem, we see and hear the other side. But, when someone from the outside initiates videoconferencing call the connection can't be established.

I've have the following NAT Settings (I initiate call):

ip nat inside source static 192.168.0.128 99.99.99.28

I've debug it and it shows:

--- 99.99.9.28 192.168.0.128 ---
---

tcp 99.99.9.28:2840 192.168.0.128:2840 88.888.88.888:1720 88.888.88.888:1720


If I change the NAT to the following (In this case they initiate the call):

ip nat inside source static tcp 192.168.0.128 1720 99.99.99.28 1720 extendable

In the debug it and I see the following and thats all:

tcp 99.99.99.28:1720 192.168.0.128:1720 --- ---

So what I think is happening in the second instance, I cannot go out because it starts the call on a different port than 1720. But if I change the NAt configuratins they cannot connect. How do I go around this???

It feels like I'm going in circles.

Again, Thank You all.

Regards,
Rocket