port 25, 53 and router

inusrat

Hi,

I am using a router between my server and DSL modem.
I have done port forwarding for port 80, 25 and 53. When I do a port scan it says port 80 is open but no existence of port 25, 53. I want to open port 24 and 53 so that I could email people from my server. When I use the modem directly my emails go fine, meaning the ports are not blocked by my ISP; it has something to do with the router.

Your help will be appreciated.

Thanks



thanks
 
For your server to send outgoing mail, you don't need any external ports open (ie. connections from the internet to your server). You just need SMTP and DNS outbound (from your server to the internet).

If you want to host your own mail server (ie. have the MX record for your domain point at your static server IP) then you will need inbound SMTP. You will not need DNS open unless you are hosting on your own DNS server.

Also, even though you have opened ports on your router, are these open on the DSL modem?

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Thanks for your reply. So I do not need to open 25 and 53 for outgoing mails. I was told that you need 53 for DNS resolution, but I guess that is probably also needed for incoming emails.

My modem has blocked 53, because even without the router it is closed. But it looks like my router has blocked 25, because without the router if I check it is open; with the router I get the message "No evidence of port", status "stealth".

My emails were going fine but since I added the router I get this message in the event viewer: "Message delivery to the remote domain 'yahoo.com' failed for the following reason: An internal DNS error caused a failure to find the remote server."

I don't know what is going on..

Thanks
 
"So I do not need to open 25 and 53 for outgoing mails. I was told that you need 53 for DNS resolution, but I guess that is probably also needed for incoming emails."

To send mail out directly from your mail server you do not need to open INBOUND ports, ie. other servers do not connect to you on those ports when you send out mail.

You do however need to ensure that your mail server has port TCP 25 (smtp) connectivity OUTBOUND so that it can connect to other mail servers on this port in order to make smtp connections. Also, if you are not using your ISP's mail server as a 'smart host' then you will need UDP 53 (DNS) OUTBOUND so that your server can contact your ISP's DNS server and query domain names to resolve the MX record so that it knows where to send the mails.

I would suspect that your DSL modem blocks INBOUND ports as most allow all outbound traffic. This should enable you to send out DNS queries and connect to other mail servers just fine.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Hi,

I think my problem is my ISP. When I ran a port check without the router for port 25 I get status "Stealth" (There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!)

Which I believe is worse than closed, meaning there is not even connectivity OUTBOUND... right?
Thanks
 
No. If you are scanning your router for port 25 from the internet then you will get no INBOUND connections, ie. mail servers from the internet will not be able to connect to your router/server.

However, you still should be able to connect OUTBOUND from your server to the internet.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
I guess what I want to know, and where I get a little confused, is what the difference is between port "closed" and port "stealth". I was thinking that when the port is stealth you do not even have an outbound connection... correct?
 
No. Having a port stealthed (for incoming connections to ports on your server) does not stop you from connecting outbound from your server to the internet. When a port is stealthed it just means that the firewall will drop packets to that port without sending a reset to the client. When the firewall resets the TCP connection then the port is considered closed.

It's like if someone knocked at your front door and you just ignored them. That would be 'stealth'. On the other hand if they knocked and you shouted back "Go away, I'm not in", that would be closed. Either way, it wouldn't stop you from leaving your house.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Thanks for your reply. You cleared up my confusion.
 