

Mail server cannot be accessed from outside through ADSL

Posted on 2004-10-26
Medium Priority
Last Modified: 2010-04-10
Hi experts, I have configured the outgoing connection through the ADSL router, and there is no problem with it.
But I have a problem when I configure the Port Redirection Table.
I have a Linux mail server that can be accessed from the internet via HTTP, SMTP and POP3.
But if I connect via ADSL, the mail server cannot be accessed from outside, even via HTTP. In my ADSL router, I configured port redirection for ports 80, 25 and 110.
If I connect directly, mail server ok.
I use Linux Slackware 8.1 Kernel 2.4.18, with qmail-1.03, and squirrel mail-1.4.2 and Vigor 2500 ADSL router.

 When I check the configuration from internet, there is a report in Vigor ADSL router.

     Private IP :Port  #Pseudo Port  Peer IP :Port  Ifno  Status
     ----------------------------------------------------------------
                   80            80          50437     3       0    when try access from internet
                   80            80          50350     3       0
                   80            80          50214     3       0
                  110           110           1207     3       0    when try POP3 from outlook

And from my Linux mail server, I typed netstat -n, the report:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0     SYN_RECV  

I’ve searched the internet to solve this problem, and it seems the problem is at my ADSL ISP. But I have to make sure the problem is at their site, because they said that they already redirected the IP. We can access internet HTTP (going outside) from our LAN through the ADSL router. Does that mean that they opened port 80 for HTTP from outside to reach my mail server? Is there any setting that I should set in Linux, even though it works properly if I connect directly from a PC to my Linux mail server?
I really appreciate all of your help.

Best Regards,
Question by:niken_asterina
LVL 10

Expert Comment

ID: 12418551
Hi niken_asterina,
You shouldn't be having a problem on your server, I see you are listening on the LAN IP of the server so it is doing what it needs to do. Download and run NMAP (http://www.nmap.org), or any port scanner you prefer and test it against your WAN-IP, make sure your server is up, and find out what ports are being listened on. If port 110 and 25 are being listened on then there is some other problem. Ultimately, you should be able to do:

telnet 110

And get a response, an "OK message." If you find that the ports are not being listened on then run NMAP on the server using the LAN IP to make sure that it is indeed accepting inbound connections on those ports. See what happens. If the WAN port scan fails and the LAN port scan succeeds then you have isolated the problem. You did not enable any security on your server to only accept connections from your subnet eh?


Accepted Solution

fixnix earned 2000 total points
ID: 12422263
ADSL usually means residential/non-business consumer and Acceptable Use Policies (AUP's) for home/cheap accounts typically do not allow running servers.  That's the first thing to check.  Many ISP's block inbound popular server ports including 21, 25, 53, 80, 110, and NETBIOS ports 139 and 445 to their end users.  That's why you can get a 1.5 down/256k up ADSL line for $30/mo while a 1.1 up/down SDSL line explicitly allowing servers and larger blocks of IP addresses will run you closer to $300/mo.  ADSL is cheaper because by design (slower outgoing bandwidth) it is intended for home/casual users, no servers, and no guarantee of uptime.  If an ADSL line goes down and takes 3-5 days to get fixed, this is considered acceptable in the industry.  Obviously 5 days downtime is not considered acceptable if you're running servers.

Residential cable customers are often bound by similar AUP's as ADSL subscribers.  If home-type connections in your area block common inbound server ports, it is likely intentional to enforce their AUP.  If you require services not covered by your AUP, then you should get a commercial line.  I have a T1 at home with 32 IP's (and 8 phone lines that use no bandwidth until the phone is actually in use) and a wide open AUP to do anything I want that's not illegal, and no monthly bandwidth usage caps.  Some people laugh at my $355/mo bill and say things like "well I have comcast and can download twice as fast as you and I only pay $60/mo."  Laugh away.  You can't run any servers, you pay $5/mo per additional IP if you need them, you can't run your own DNS nor have RDNS delegated to you, you can't send out port 25 traffic to anywhere but comcast's SMTP servers, and have a third the outgoing bandwidth as me...not to mention my uptime guarantee and more prompt/professional/clueful tech support.  Many but not all consumer-grade broadband connections have monthly bandwidth caps as well.  You get what you pay for depending on your local market.

Residential broadband AUP's vary provider to provider and market to market, so you might get away with more in other areas.  Since the TCP handshake is not completing to your server, and the port forwarding seems correct in your router, I'd wager your ISP is blocking you.  You may need a more expensive service.  I've even seen "business class DSL" packages around here that STILL don't allow servers and will block popular inbound ports.  Then again those are still in the $50-100/mo range.

I wish you luck in finding a cheap broadband ISP that allows running servers.  See if speakeasy is available in your area.  If you're lucky, you might even get their 6mbit/1mbit ADSL package allowing servers for about $100/mo with a couple IP addresses.  No uptime guarantee, but otherwise a great deal and sweet download bandwidth.  I wouldn't want to host for pay on one of those lines, but personal/friend's use and for hobby/learning purposes it'd be pretty sweet.
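
Added example (not part of the original thread): the netstat check from the question as a script. A socket in SYN_RECV has received a SYN and replied with SYN-ACK but has not yet seen the final ACK, so counting such sockets per forwarded port shows where handshakes start and never complete. The function names and the addresses in the sample are constructed for illustration; the ports are the ones the question mentions.

```shell
#!/bin/sh
# Count half-open (SYN_RECV) TCP sockets per local port from `netstat -n`
# output read on stdin. Real use: netstat -n | syn_recv_by_port

WATCHED_PORTS="25 80 110"   # ports redirected on the router, per the question

# Print one "port count" line for every watched port.
syn_recv_by_port() {
    awk -v watched="$WATCHED_PORTS" '
        BEGIN { n = split(watched, w, " ")
                for (i = 1; i <= n; i++) want[w[i]] = 1 }
        # TCP rows: Proto Recv-Q Send-Q Local-Address Foreign-Address State
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            port = $4
            sub(/.*:/, "", port)          # keep what follows the last colon
            if (port in want) count[port]++
        }
        END { for (i = 1; i <= n; i++) print w[i], count[w[i]] + 0 }
    '
}

# Print only the watched ports that have at least one half-open socket.
stuck_ports() {
    syn_recv_by_port |
        awk '$2 > 0 { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# Constructed sample in Linux `netstat -n` layout; 192.168.1.10 stands in
# for the mail server and 203.0.113.7 for an outside client.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:80         203.0.113.7:50437       SYN_RECV
tcp        0      0 192.168.1.10:80         203.0.113.7:50350       SYN_RECV
tcp        0      0 192.168.1.10:110        203.0.113.7:1207        SYN_RECV
tcp        0      0 192.168.1.10:22         192.168.1.20:40112      ESTABLISHED
tcp        0      0 192.168.1.10:25         192.168.1.20:40150      ESTABLISHED
EOF
}

sample_netstat | syn_recv_by_port
```

Running it while someone connects from outside, and again while connecting from the LAN, gives the same WAN-versus-LAN comparison the first comment suggests doing with a port scanner.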

Author Comment

ID: 12442125
Thanks, for all your comment,
Actually this is in ISP site, but unfortunately they cannot do anything to help me. So I will move to the other ISP.


Question has a verified solution.
