I am setting up an email server and it is reachable on port 25 at mx.example.tld when I am coming from outside the LAN.
All good so far.
But when I try to connect to it from LAN the connection gets refused because it originates from LAN and wants to get in via WAN.
ow can I allow this type of connections?
hope you've disabled open relay.
Set it to listen to all interfaces, or make sure your public DNS resolves to you LAN subnet IP from within your LAN.
certainly
could you please elaborate on that? what should be set to listen on all interfaces?
the email server ?
already listening on all interfaces. I have worked around the issue for now using hostnames functionality in openwrt. returning the local lan ip. I was hoping for a solution that does not need that
The keyword here would be "nat loopback" or "hairpin" in case that port 25 is port forwarded.
yes it is port forwarded. how do I allow nat loopback or hairpin?
The OpenWrt uci firewall should take care of this by default. How did you configure the forward?
I used LUCI -> network -> firewall - port forwards
NAT loopback (i.e. the OpenWrt setting) only works for the IP in question (i.e. testing the server from the server's IP).
You will have to:
I advise the DNS method
# in /etc/config/dhcp
config domain
option ip '192.168.1.xxx'
option name 'mx.example.tld'
# in /etc/config/firewall
config redirect
option target 'DNAT'
option src 'wan'
option proto 'tcp'
option src_dport '25'
option dest_port '25'
option src_ip '192.168.1.0/24'
option name 'REDIRECT_SMTP_LAN'
option dest_ip '192.186.1.xxx'
option dest 'lan'
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.