ClearFoundation

I thought this would be relatively simple, but ran into some problems, and haven't been able to find a solution. Here's my issue-

I have outside salesmen in my company. Our ClearOS box is our e-mail server. SMTP runs on port 25, as it should, works great. However, one of my salesmen can't connect. I believe it's his ISP. If I change the Clear box to SMTP port 525, and reconfigure him, it works fine. So I thought, great, I'll just forward port 525 to port 25 and everyone will still connect to 25 and he'll work on 525. Except that it doesn't work.

Network-
Cable Modem, just a modem, no firewall or routing or anything.
Clear Box, runs e-mail, firewall, and VPN. 192.168.21.1
Network. 192.168.21.2-254

As I only have a general understand of how this stuff works, I'm sure I'm either doing something wrong or trying to do something that's impossible. Any help would be appreciated!

Where is your modem sitting in this? Is it connected to a PC/Server or into something else? Does it have an IP?

When you set up the port forwarding of port 525 to 25 did you also allow port 525 in the firewall?

You can't port redirect / change on the same machine in that way via the webconfig. So you can't redirect incoming traffic on port 525 to 25 on ClearOS

You should be able to do it manually with some iptables trickery
Change eth0 to your WAN interface

This way you don't need to open up port 525 and leave your config as is.

If you want to make it permanent add it to /etc/rc.d/rc.firewall.local

If it doesn't work - wipe the changes with 'service firewall restart'

Thanks Tim, that did the trick! For reference-
The modem is in front, connected to the Clear box, can't be connected to from inside the network.
And I tried both opening the incoming and not, I read somewhere that one overrides the other, so I tried both, and neither worked.
I suspected you couldn't use the box to forward a port to itself, thanks for the help Tim!

iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 525 -j REDIRECT --to-ports 25

works great. but it seems like Clear forgets this setting every couple of hours and I'd need to rerun the code to work again.

Tim Burgess wrote:
If you want to make it permanent add it to /etc/rc.d/rc.firewall.local

To make the rule permanent, add it to the custom rules section of the firewall in the webconfig or add it directly to /etc/rc.d/rc.firewall.local. If you don't do this, any time the firewall restarts you ill lose your rule.

Thank you Tim. I have my station set as "Standalone No Firewall" so i thought "rc.firewall.local" will be ignored by the OS.