I am trying to redirect ALL outgoing mail on the network to our internal mail server for spam / virus processing.
I think the rule is:
chain=dstnat in-interface=AP src-address=xx.xxx.217.0/24 protocol=tcp src-port=1-65535 dst-port=25 action=dst-nat to-addresses=xx.xxx.208.20 to-ports=25
I would like to force all port 25 traffic to our server. I do not see any traffic in my statistics graph so I am not sure if this rule is correct. Can someone verify the rule or tell me how it could be done better please?
Thank you for any help.
You don't need src-port.. Don't know if that's perhaps what's causing your problems...
Here's a example for you to work off.
Also worth noting, if to-address comes via the AP interface, you're going to have a endless loop. It's always a good idea to add a exception rule above your dst-nat for the ip you dst-nat to.
Lastly, if you dst-nat to x.x.208.20, your MT must have a local interface on the same IP Network as x.x.208.20. Otherwise, your dst-nat will fail. dst-nat cannot be routed, it must be directly connect.
--
Chris
Here's a example for you to work off.
Code: Select all
chain=dstnat in-interface=Border Network protocol=tcp dst-port=80
src-address-list=Everyone dst-address-list=!noHTTPProxy
action=dst-nat to-addresses=x.x.x.x to-ports=3128
Lastly, if you dst-nat to x.x.208.20, your MT must have a local interface on the same IP Network as x.x.208.20. Otherwise, your dst-nat will fail. dst-nat cannot be routed, it must be directly connect.
--
Chris
Who is online
Users browsing this forum: No registered users and 18 guests