[Firehol-support] Firehol port forward to internal system
Joe Matuscak
matuscak at rohrer.com
Mon Jan 26 15:20:26 GMT 2015
I'm trying to forward SMTP traffic from the Internet-facing interface of the
host I'm running Firehol on to a mail server on the other side of an OpenVPN
tunnel, like this:
Internet-->Firehol/OpenVPN host-->OpenVPN Tunnel-->Routing host-->Mail server
The hosts are running CentOS 6.6.
The routing host is at 192.168.252.25.
The mail server is at 192.168.252.26.
I can send outbound traffic from the mail server to the Internet over the OpenVPN
tunnel without a problem.
I can connect to the SMTP port on the mail server from the Firehol host, but
I can't get access from the Internet working.
Here's my firehol.conf file:
# External interface
interface4 eth0 external src not "${UNROUTABLE_IPS}" dst 104.236.X.X
    policy reject
    protection strong
    server smtp accept
    server ICMP accept
    server openvpn accept
    server ssh accept
    client all accept

# VPN tunnel to DMZ network which is trusted
interface4 tun0 vpntun
    policy accept
    client all accept

# Route from LAN tunnel to external
router4 Tun2Internet inface tun0 outface eth0 dst not "${UNROUTABLE_IPS}"
    masquerade
    route all accept

# Route from Internet to mail server
router4 Internet2Tun inface eth0 outface tun0
    server smtp accept dst 192.168.252.26
When I try to connect to port 25 on the Firehol host's external IP, I get
connection refused.
What am I missing?
TIA.
--
Thanks,
Joe Matuscak | Director of Technology
Rohrer Corporation | Office: 330-335-1541
717 Seville Road | Wadsworth, Ohio 44281
www.rohrer.com | A Better Package
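Editor's note, with an added example that is not part of the post above and not FireHOL project code. The configuration in the post has a FORWARD rule (the Internet2Tun router) but nothing that changes the destination of the inbound packets: a SYN to 104.236.X.X:25 still has the FireHOL host itself as its destination, so the kernel hands it to the INPUT chain (where "server smtp accept" lets it through to a port nobody is listening on, hence the RST and "connection refused") and it never reaches the router at all. FireHOL expresses port forwarding with its dnat4 helper, which installs the PREROUTING rewrite; the router then matches the rewritten destination. The config below assumes FireHOL 2.x/3.x syntax (the same interface4/router4 family the post uses), that eth0 carries the poster's redacted public address 104.236.X.X, that tun0 is the OpenVPN tunnel, and that 192.168.252.26 is reachable through the routing host on the far side of it.

```firehol
# Added example config (not the poster's file). Assumes FireHOL 2.x/3.x
# syntax, eth0 = public interface 104.236.X.X, tun0 = OpenVPN tunnel,
# mail server 192.168.252.26 reachable via the routing host 192.168.252.25.

# 1. Rewrite the destination of inbound SMTP before routing (nat/PREROUTING).
#    Without this the packets are local traffic (INPUT), not forwarded traffic.
dnat4 to 192.168.252.26 proto tcp dport 25 inface eth0 dst 104.236.X.X

# External interface
interface4 eth0 external src not "${UNROUTABLE_IPS}" dst 104.236.X.X
    policy reject
    protection strong
    # No "server smtp accept" here: after DNAT the SMTP traffic is forwarded,
    # not delivered locally, so it is handled by the router below.
    server icmp accept
    server openvpn accept
    server ssh accept
    client all accept

# VPN tunnel to DMZ network which is trusted
interface4 tun0 vpntun
    policy accept
    client all accept

# Route from LAN tunnel to external
router4 Tun2Internet inface tun0 outface eth0 dst not "${UNROUTABLE_IPS}"
    masquerade
    route all accept

# 2. Route from Internet to mail server. After the dnat4 rule the packet's
#    destination is already 192.168.252.26, so this "dst" match succeeds and
#    the FORWARD chain lets the connection through to tun0.
router4 Internet2Tun inface eth0 outface tun0
    server smtp accept dst 192.168.252.26
```

Apply it with `firehol try`, which activates the ruleset and rolls it back unless it is confirmed within a short timeout, so a mistake in the eth0 block cannot lock you out of ssh. To confirm the rewrite is happening, watch the packet counters of the DNAT rule with `iptables -t nat -nvL PREROUTING` while connecting to port 25 from outside, and the accept rule in `iptables -nvL FORWARD`. Two things the DNAT rule does not take care of: IP forwarding must be enabled on the FireHOL host (check `/proc/sys/net/ipv4/ip_forward`), and the return path must be symmetric. The forwarded packets keep the Internet client's real source address, so the mail server's replies to that address have to travel back through the routing host and the tunnel to the FireHOL host, which un-does the DNAT via conntrack; if the mail server or the routing host sends Internet-bound traffic out some other gateway, the SYN-ACK goes the wrong way and the handshake never completes. The post says outbound traffic from the mail server already goes over the tunnel, which is exactly the routing this needs.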