Hello,

I have identical setting for two ports I need open, 993 & 465, however the 465 port stays filtered. Both ports are open internally

21 ;;; SSL - IMAP ports
chain=dstnat dst-address=XXX.XXX.XXX.XXX protocol=tcp dst-port=993 action=dst-nat to-addresses=192.xxx.xx.xx to-ports=993

22 chain=srcnat src-address=192.xxx.xx.xx protocol=tcp src-port=465 action=src-nat to-addresses=XXX.XXX.XXX.XXX to-ports=0-65535

If I change action=src-nt to port 465 it still is filtered;

22 chain=srcnat src-address=192.xxx.xx.xx protocol=tcp src-port=465 action=src-nat to-addresses=XXX.XXX.XXX.XXX to-ports=465

Interestingly, the first one to 993 is open, but not 465.

How can I get this port opened up?

Thank you,

~James

src-nat ? You are changing outbound ports, not inbound. You want to open it up inbound to your server ? If so it should be dst-nat just like the first one.

Sam

src-nat ? You are changing outbound ports, not inbound. You want to open it up inbound to your server ? If so it should be dst-nat just like the first one.

Sam

This is how have all the other NAT ports opened. I always needed two. For example;

;;;
chain=dstnat dst-address=XXX.XXX.XXX.XXX protocol=tcp dst-port=80 action=dst-nat to-addresses=10.0.0.2 to-ports=0-65535

chain=srcnat src-address=10.0.0.2 protocol=tcp src-port=80 action=src-nat to-addresses=XXX.XXX.XXX.XXX to-ports=0-65535

This is for www. The is how I was told to get packets passing through in both directions. If I didn't have the second one in place it didn't work.

Could you elaborate?

Thank you,

~James

Now that I am looking at this again, I see my mistake, made the correction, and now it works.

However, can anyone tell me why I needed both of the entries below to get the port open?

chain=dstnat dst-address=XXX.XXX.XXX.XXX protocol=tcp dst-port=80 action=dst-nat to-addresses=10.0.0.2 to-ports=0-65535

chain=srcnat src-address=10.0.0.2 protocol=tcp src-port=80 action=src-nat to-addresses=XXX.XXX.XXX.XXX to-ports=0-65535

Many thanks,

James