Title: DNAT Policy Not working correctly - can someone give me a hand!?! Post by: jbrent on Friday 11 December 2009, 06:53:44 am First off - Endian Community is blowing the socks off my aging Symantec Gateway Security 1620...Rock.
FTP access speeds have doubled web traffic speeds have double... Amazing. I have everything working beautifully except for one snafu which might make me have to roll back to my old appliance. Here is my setup: Endian External IP: 207.67.55.x Internal IP: 10.0.0.2 Barracuda: 10.0.0.3 Exchange: 10.0.0.4 My Problem: I only allow our internal network (10.0.0.x) to use smtp in Exchange. All our incoming mail from the world hits 207.67.55.x and is routed to our Barracuda which delivers email to our Exchange server. I have setup a SMTP backdoor for people outside the office to use if port 25 is blocked by their ISP or hotel or whatever. I use port 465 for this purpose. So I setup a Port Forwarding / NAT rule the same way I do with SMTP but instead of 25, I use 465. Instead of routing port 465 traffic to the barracuda, I route it to our Exchange server. I set the DNAT Policy to "Do Not NAT" and enabled logging. All is well right? Wrong... When I telnet to 207.67.55.x from my home on port 465 I get nothing. Connection Times out. When I telnet to 207.67.55.x from my home on port 465 with "NAT Policy" set to "NAT", the connection works and it passes traffic just fine to my exchange server as the ip address from my home. This will obvsiouly not allow you to send mail. I need the traffic to be passed to our exchange server as the ip address of the Endian Firewall (10.0.0.2). So I should just be able to turn off the DNAT Policy and set it to "Do Not Nat" but it doesn't work that way. I have played with some system access settings and that doesn't seem to be of any help. How can I make all traffic on port 465 leave the endian firewall as if it came from the endian firewall? Hit me up! I'm desperate! Thanks guys! Title: Re: DNAT Policy Not working correctly - can someone give me a hand!?! Post by: jbrent on Saturday 12 December 2009, 06:27:01 am Fixed...
I needed a source NAT... but I didn't know that I could leave the "source" field blank! All is good! YEEHA! |