jo2jo
Forum Guru
Topic Author
Posts: 1007
Joined: Fri May 26, 2006 1:25 am

Redirect Port 25 - > 2525 - easy ?

Fri Jun 30, 2006 12:46 am

Since the ISP I use blocks port 25, I wanted to forward all traffic going out on port 25 to 2525.

I can get this to work with a nat rule with action netmap -> an IP addy and port 2525. (works for me but not for clients that may go to ANY smtp server.)

If I set the action to redirect and the port to 2525 it does not go through at all.



Any ideas? tks
 
cmit
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Fri Jun 30, 2006 9:36 am

Action "redirect" always redirects to the local router itself - you have to use action "dst-nat" for that...

Please read the manual ;) ...

Best regards,
Christian Meis
 
jo2jo
Forum Guru
Topic Author
Posts: 1007
Joined: Fri May 26, 2006 1:25 am

Wed Jul 05, 2006 9:26 am

Thanks for the response, but I have a follow-up question (I've read the manual too):

I have a nat rule that I can see grabs the clients' port 25 smtp packets (I have the rule's action set to ("redirect" or dst-nat or src-nat) and the port value: 2525)

Do I need to set up rules to accept and redirect the packets coming back on port 2525?

I ask because I still can't get mail clients that are set to the default of port 25 to be redirected to 2525 (if I manually set the client to use 2525 it works, mail sends)

tks..
joe
 
cmit
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Jul 05, 2006 9:35 am

As long as connection-tracking is enabled (which it is by default), there's usually no need to configure the "reverse route".

Perhaps post your complete ip address config, ip routing and nat config?

Best regards,
Christian Meis
 
jo2jo
Forum Guru
Topic Author
Posts: 1007
Joined: Fri May 26, 2006 1:25 am

Fri Jul 07, 2006 8:47 am

OK, here are some configs,

tell me what you think.

tks
#   ADDRESS            NETWORK         BROADCAST       INTERFACE 
 0   ;;; added by setup
     192.168.5.1/24     192.168.5.0     192.168.5.255   ether1    
 1   192.168.5.254/32   192.168.5.0     192.168.5.0     ether1    
 2 D My_PublicIP_addy/32  68.x.x.x   0.0.0.0         pppoe-out1
 3 D 12.217.x.x/22  12.217.156.0    12.x.x.x  ether3    
 4 D 192.168.5.251/32   192.168.5.252   0.0.0.0         fromlaptop
 #     DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE 
 0 ADC 12.x.x.0/22    12.217.x.x                             ether3    
 1 ADC 68.x.x.69/32   My_PublicIP_addy                             pppoe-out1
 2 ADC 192.168.5.0/32     192.168.5.254                              ether1    
 3 ADC 192.168.5.252/32   192.168.5.251                              fromlaptop
 4 ADC 192.168.5.0/24     192.168.5.1                                ether1    
 5 A S 0.0.0.0/0                          r 68.x.x.x   1        pppoe-out1
 1 X ;;; EMAIL
     chain=dstnat src-address=192.168.5.0/24 protocol=tcp dst-port=25 
     action=netmap to-addresses=64.151.x.x to-ports=2525 

 7   ;;; sw smtp 2600->161
     chain=dstnat dst-address=My_PublicIP_addy protocol=udp dst-port=2600 
     action=netmap to-addresses=192.168.5.2 to-ports=161 

 8   ;;; sw web
     chain=dstnat dst-address=My_PublicIP_addy protocol=tcp dst-port=2685 
     action=netmap to-addresses=192.168.5.2 to-ports=80 

 9   chain=srcnat out-interface=ether3 action=masquerade 

10   chain=srcnat out-interface=pppoe-out1 action=masquerade 

11   ;;; sw web
     chain=dstnat dst-address=My_PublicIP_addy protocol=tcp dst-port=2680 
     action=netmap to-addresses=192.168.5.11 to-ports=80 

12   ;;; Xchange VNC 5906
     chain=dstnat dst-address=My_PublicIP_addy protocol=tcp dst-port=239


 ;;; Xchange RDC
     chain=dstnat dst-address=My_PublicIP_addy protocol=tcp dst-port=2390 
     action=netmap to-addresses=192.168.5.239 to-ports=3389 

14   ;;; CABLEsw smtp 2600->161
     chain=dstnat dst-address=My_PublicIP_addy protocol=udp dst-port=2600 
     action=netmap to-addresses=192.168.5.2 to-ports=161 

 
cmit
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Fri Jul 07, 2006 8:57 am

If you actually want all your clients' outgoing SMTP traffic to go to the server 64.151.x.x, your first dst-nat rule should read like this:
1 X ;;; EMAIL 
     chain=dstnat src-address=192.168.5.0/24 protocol=tcp dst-port=25 
     action=dst-nat to-addresses=64.151.x.x to-ports=2525
(and then, of course, not disabled ;) )

Best regards,
Christian Meis
 
jo2jo
Forum Guru
Topic Author
Posts: 1007
Joined: Fri May 26, 2006 1:25 am

Fri Jul 07, 2006 9:21 am

aaa..sorry, that was one last thing I was testing before I posted the config..

What I want is still to redirect (I use the divert action on my BSD ipfw firewalls) all requests on TCP port 25 to 2525.

tks
jo
 
cmit
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Fri Jul 07, 2006 9:43 am

I'm not sure I understand what you want to achieve. If you want to dst-nat every outgoing SMTP connection so that just the dst-port is changed to 2525 (and the destination address is left unchanged), you would have to use
1   ;;; EMAIL 
     chain=dstnat src-address=192.168.5.0/24 protocol=tcp dst-port=25 
     action=dst-nat to-addresses=0.0.0.0/0 to-ports=2525
But this will obviously not work most of the time, because a standard SMTP server "somewhere on the internet" will not listen on port 2525.

So I'm not clear about what you really want...

Best regards,
Christian Meis
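
The three behaviours discussed so far in this thread (redirect, dst-nat to a fixed server, dst-nat changing only the port) and the connection-tracking reply path, as an added Python model that is not part of the original posts and is not RouterOS code. The client and server addresses are constructed samples, and the model assumes a dst-nat rule given no address keeps the original destination, which is the behaviour described in the post above; source NAT (masquerade) is left out.

```python
from dataclasses import dataclass

ROUTER_IP = "192.168.5.1"  # router LAN address from the posted config

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatModel:
    """Simplified dstnat rule for TCP dst-port 25 plus connection tracking."""
    def __init__(self, action, to_address=None, to_ports=None):
        self.action, self.to_address, self.to_ports = action, to_address, to_ports
        self.conntrack = {}  # translated packet tuple -> original packet

    def outbound(self, p):
        if p.dport != 25:                  # rule does not match, pass through
            return p
        if self.action == "redirect":      # redirect always targets the router
            dst = ROUTER_IP
        else:                              # dst-nat: no address given = keep it
            dst = self.to_address or p.dst
        new = Packet(p.src, p.sport, dst, self.to_ports or p.dport)
        self.conntrack[new] = p            # remembered for the reply direction
        return new

    def inbound(self, reply):
        """Rewrite a reply back to the address and port the client dialled."""
        key = Packet(reply.dst, reply.dport, reply.src, reply.sport)
        orig = self.conntrack.get(key)
        return Packet(orig.dst, orig.dport, orig.src, orig.sport) if orig else reply

def demo():
    # Constructed sample: a LAN client dialling some mail server on port 25.
    client = Packet("192.168.5.20", 40000, "203.0.113.10", 25)
    rules = {
        "redirect": NatModel("redirect", to_ports=2525),
        "dst-nat fixed server": NatModel("dst-nat", "198.51.100.7", 2525),
        "dst-nat port only": NatModel("dst-nat", to_ports=2525),
    }
    out = {}
    for name, nat in rules.items():
        sent = nat.outbound(client)
        reply = nat.inbound(Packet(sent.dst, sent.dport, sent.src, sent.sport))
        out[name] = (sent.dst, sent.dport, reply.src, reply.sport)
    return out

if __name__ == "__main__":
    print(demo())
```

Each result is (destination actually contacted, port actually contacted, reply source seen by client, reply port seen by client). In all three cases the client sees the reply as coming from the server and port it dialled, which is why no reverse rule is needed while connection tracking is on.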
 
jo2jo
Forum Guru
Topic Author
Posts: 1007
Joined: Fri May 26, 2006 1:25 am

Fri Jul 07, 2006 6:16 pm

cmit,

Thanks it works great.

The reason I wanted to do this is my ISP BLOCKS port 25 outgoing. So allowing my customers to use port 25 for smtp is pointless as their packets will get dropped anyway.

Some smtp servers support 2525 so it's worth a shot.. let's put it this way: I've gotten 2 support calls from ppl who could not send email, and one of them was resolved by switching the client port to 2525.. so I guess this would have fixed that before they called.

Thanks again for the quick responses.

jo!
 
juibar
newbie
Posts: 35
Joined: Fri Jul 15, 2005 8:39 am

Sun Nov 05, 2006 6:30 pm

cmit,

I am trying to use the firewall rule you suggested, but my outlook client will not send emails.

I even edited the rule to "redirect" from port 25 to port 25 and still outlook will not send emails. Below are my rules.
 0   ;;; masquerade hotspot network
     chain=srcnat src-address=192.168.0.0/24 action=masquerade 

 1   ;;; SMTP port redirect
     chain=dstnat protocol=tcp dst-port=25 action=dst-nat 
     to-addresses=0.0.0.0 to-ports=25 

 2   ;;; masquerade for private network
     chain=srcnat src-address=192.168.1.0/24 action=masquerade
While troubleshooting I only see the counters increasing.

What can be wrong? How can I troubleshoot?

Thanks,
juibar
Last edited by juibar on Mon Nov 06, 2006 6:13 am, edited 1 time in total.
 
jo2jo
Forum Guru
Topic Author
Posts: 1007
Joined: Fri May 26, 2006 1:25 am

Sun Nov 05, 2006 6:53 pm

Well, it's not exactly what you want, but I can tell you what I did to resolve this issue for me.

The ISP's line I was sharing with these clients has a mail server they allow local customers to use... so I did this nat rule:


5 ;;; EMAIL
chain=dstnat src-address=192.168.5.0/24 protocol=tcp dst-port=25
action=netmap to-addresses=70.xx.xx.xxx to-ports=25

Works great and forwards any client's outgoing mail request to our local server.. regardless of end client server or user id / pass settings
 
juibar
newbie
Posts: 35
Joined: Fri Jul 15, 2005 8:39 am

Mon Nov 06, 2006 6:26 am

I put a non-zero IP address in the field "To Addresses" and this time it worked, but what I really need is to change the port in the IP packet leaving the IP address unchanged.

I will appreciate your help.
juibar
