• Status: Solved

how to open outbound port on 2-wire router/firewall

I'm trying to set up mail on linux host 'cantleys'. I can receive mail on that host just fine, but I cannot send mail from that host. It appears that port 25 is being blocked somewhere. If I try to telnet from 'cantleys' to remote host 'fluxrunner' on port 25 I get a timeout.

1 14:39:06 root@cantleys:~
> telnet webhost1.fluxrunner.com 25
Trying 96.11.168.99...
telnet: connect to address 96.11.168.99: Connection timed out

If I do an nmap from a different remote host (novatec) that can telnet to fluxrunner on 25 I get:

From novatec-inc.com
nmap webhost1.fluxrunner.com

Starting Nmap 5.51 ( http://nmap.org ) at 2012-09-15 14:42 EDT
Nmap scan report for webhost1.fluxrunner.com (96.11.168.99)
Host is up (0.0032s latency).
rDNS record for 96.11.168.99: rrcs-96-11-168-99.central.biz.rr.com
Not shown: 986 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
37/tcp   open  time
80/tcp   open  http
110/tcp  open  pop3
113/tcp  open  auth
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
587/tcp  open  submission
1521/tcp open  oracle
2100/tcp open  amiganetfs
8009/tcp open  ajp13
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds

Notice that it can see fluxrunner's port 25. If I do this same nmap on 'cantleys' to 'fluxrunner' I get:

From cantleysauto.com
 nmap webhost1.fluxrunner.com

Starting Nmap 5.51 ( http://nmap.org ) at 2012-09-15 14:32 EDT
Nmap scan report for webhost1.fluxrunner.com (96.11.168.99)
Host is up (0.11s latency).
rDNS record for 96.11.168.99: rrcs-96-11-168-99.central.biz.rr.com
Not shown: 905 closed ports, 84 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
37/tcp   open  time
80/tcp   open  http
110/tcp  open  pop3
113/tcp  open  auth
587/tcp  open  submission
1521/tcp open  oracle
2100/tcp open  amiganetfs
8009/tcp open  ajp13
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 7.11 seconds

In this case port 25 is not listed. If I do some tweakage to the 2-wire firewall/router upstream from the cantleys host I get:

From cantleysauto.com with some tweakage to firewall
nmap webhost1.fluxrunner.com

Starting Nmap 5.51 ( http://nmap.org ) at 2012-09-15 14:38 EDT
Nmap scan report for webhost1.fluxrunner.com (96.11.168.99)
Host is up (0.10s latency).
rDNS record for 96.11.168.99: rrcs-96-11-168-99.central.biz.rr.com
Not shown: 985 closed ports
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
37/tcp   open     time
80/tcp   open     http
110/tcp  open     pop3
113/tcp  open     auth
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
587/tcp  open     submission
1521/tcp open     oracle
2100/tcp open     amiganetfs
8009/tcp open     ajp13
8080/tcp open     http-proxy

Nmap done: 1 IP address (1 host up) scanned in 28.99 seconds

Notice that port 25 is now listed, but it is filtered, so I still can't connect out on port 25. However, the fact that I was at least able to see the port after manipulating firewall settings tells me that this is a firewall problem, not an ISP problem (I think).

Does anyone know what I can do to the 2-wire router (or whatever) to have outbound access to port 25? This is getting urgent! Thanks
jmarkfoley
 
Rob Williams Commented:
All outgoing traffic is usually allowed on any SOHO router such as a 2-wire. It is more likely your ISP is blocking the traffic. Have you checked with them?
 
Perarduaadastra Commented:
A workaround would be to use the alternative smtp port 587, which I notice is open in all of the reports that you listed in your question. Unfortunately I don't know enough about Linux to advise on how and where to make the necessary changes to make this work, but it's certainly do-able.
 
jmarkfoley (Author) Commented:
Perarduaadastra - I suppose using an alternate port is possible, but the problem with that is, since the connection issue is "outgoing", the remote end would have to be listening on 587 for smtp traffic. If one is routing to a dedicated/smart-host which listened on 587, then OK, but that's not my case.

RobWill: In fact, the ISP was exactly the problem! I suspected that, but wanted to make sure I wasn't missing something on the router configuration on my end before calling them. The ISP in this case is SBCGLOBAL. I checked locally on roadrunner, Time-Warner Telecom and Wowway, and none of those carriers block port 25 out. Sbcglobal does! They said that not many of their customers use that port. I find that extremely difficult to believe since anyone using Outlook will use port 25 by default. I don't know, but I'm guessing that if you use smtp on Sbcglobal they must give you a different port for their mail server. Anyway, problem solved and Sbcglobal has opened port 25 for us! Thanks.
 
Rob Williams Commented:
Many ISPs block different traffic to try to keep you from running mail and web servers on dynamic IP or residential accounts. Doing so on static commercial accounts is very rare.

Glad to hear you were able to resolve.
Thanks jmarkfoley.
Cheers!
--Rob
Question has a verified solution.
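
The following added example, not part of the original thread, automates the comparison made by eye in the question: it parses nmap port tables taken from two vantage points against the same target and lists the ports that are filtered from one but not from the other. The scan text is trimmed from the output quoted in the question; the function and variable names are this example's own.

```python
import re

# Excerpts of the nmap output quoted in the question (same target, two
# vantage points); rows are trimmed to keep the example short.
SCAN_NOVATEC = """\
Not shown: 986 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
587/tcp  open  submission
"""
SCAN_CANTLEYS = """\
Not shown: 985 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   filtered smtp
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
587/tcp  open     submission
"""

ROW = re.compile(r"^(\d+)/tcp\s+(\S+)\s+(\S+)", re.M)
HIDDEN = re.compile(r"^Not shown: (.+)$", re.M)

def parse_scan(text):
    """Return ({port: state}, state assumed for ports nmap did not list)."""
    ports = {int(p): state for p, state, _ in ROW.findall(text)}
    hidden = HIDDEN.search(text)
    # "Not shown: 905 closed ports, 84 filtered ports" -> {"closed", "filtered"}
    states = set(re.findall(r"\d+ (\S+) ports?", hidden.group(1))) if hidden else set()
    # Only trust the summary when every unlisted port shares one state.
    default = states.pop() if len(states) == 1 else "unknown"
    return ports, default

def blocked_on_path(reference, suspect):
    """Ports filtered from the suspect vantage point but not from the reference."""
    ref_ports, ref_default = parse_scan(reference)
    sus_ports, _ = parse_scan(suspect)
    return {port: (ref_ports.get(port, ref_default), "filtered")
            for port, state in sorted(sus_ports.items())
            if state == "filtered" and ref_ports.get(port, ref_default) != "filtered"}

if __name__ == "__main__":
    for port, (seen, here) in blocked_on_path(SCAN_NOVATEC, SCAN_CANTLEYS).items():
        print(f"{port}/tcp: {seen} from reference host, {here} from this host")
```

A port that is open from the reference host but filtered from the affected host is being dropped somewhere on the affected host's path; the comparison alone cannot say whether the local router or the ISP is doing it.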