Topic: DNAT Policy Not working correctly - can someone give me a hand!?!
jbrent
« on: Friday 11 December 2009, 06:53:44 am »

First off - Endian Community is blowing the socks off my aging Symantec Gateway Security 1620...Rock.
FTP access speeds have doubled, web traffic speeds have doubled... Amazing.

I have everything working beautifully except for one snafu which might make me have to roll back to my old appliance.

Here is my setup:

Endian External IP: 207.67.55.x
Internal IP: 10.0.0.2
Barracuda: 10.0.0.3
Exchange: 10.0.0.4

My Problem:

I only allow our internal network (10.0.0.x) to use smtp in Exchange.
All our incoming mail from the world hits 207.67.55.x and is routed to our Barracuda which delivers email to our Exchange server.
I have set up an SMTP backdoor for people outside the office to use if port 25 is blocked by their ISP or hotel or whatever.
I use port 465 for this purpose.
So I set up a Port Forwarding / NAT rule the same way I do with SMTP but instead of 25, I use 465.
Instead of routing port 465 traffic to the barracuda, I route it to our Exchange server.
I set the DNAT Policy to "Do Not NAT" and enabled logging.

All is well, right?  Wrong...

When I telnet to 207.67.55.x from my home on port 465 I get nothing.  Connection times out.
When I telnet to 207.67.55.x from my home on port 465 with "NAT Policy" set to "NAT", the connection works and it passes traffic just fine to my Exchange server as the IP address from my home.
This will obviously not allow you to send mail.

I need the traffic to be passed to our Exchange server as the IP address of the Endian Firewall (10.0.0.2).
So I should just be able to turn off the DNAT Policy and set it to "Do Not NAT" but it doesn't work that way.

I have played with some system access settings and that doesn't seem to be of any help.

How can I make all traffic on port 465 leave the endian firewall as if it came from the endian firewall?

Hit me up!  I'm desperate!

Thanks guys!
jbrent
« Reply #1 on: Saturday 12 December 2009, 06:27:01 am »

Fixed...

I needed a source NAT... but I didn't know that I could leave the "source" field blank!

All is good!

YEEHA!
Logged
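
An added example, not part of the thread and not Endian's own code: assuming the port forward and the blank-source Source NAT rule from Reply #1 end up as ordinary netfilter DNAT and SNAT rules, this Python audit reads `iptables-save` output and lists port forwards whose traffic is source-NATed for every client. The ruleset and the external address 203.0.113.10 are constructed placeholders; the internal addresses are the ones given in the first post.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt. 203.0.113.10 is a placeholder for the
# external address; 10.0.0.2/.3/.4 are the hosts named in the thread.
SAMPLE = """\
*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.3:25
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 465 -j DNAT --to-destination 10.0.0.4:465
-A POSTROUTING -d 10.0.0.4/32 -p tcp -m tcp --dport 465 -j SNAT --to-source 10.0.0.2
COMMIT
"""

def parse_rules(text):
    """Return [(chain, {option: value})] for every '-A' line; negation ('!') is not modelled."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts, i = {}, 2
        while i < len(tok):
            if tok[i].startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                opts[tok[i]] = tok[i + 1]
                i += 2
            else:
                i += 1
        rules.append((tok[1], opts))
    return rules

def hidden_client_forwards(text):
    """List (public_port, internal_host, seen_as) for port forwards whose traffic
    is source-NATed without a source match, so the server never sees the client IP."""
    rules = parse_rules(text)
    snats = [o for c, o in rules
             if c == "POSTROUTING" and o.get("-j") in ("SNAT", "MASQUERADE") and "-s" not in o]
    findings = []
    for chain, o in rules:
        if chain != "PREROUTING" or o.get("-j") != "DNAT" or "--to-destination" not in o:
            continue
        host, _, port = o["--to-destination"].partition(":")
        port = port or o.get("--dport")
        for s in snats:
            net = ipaddress.ip_network(s.get("-d", "0.0.0.0/0"), strict=False)
            if ipaddress.ip_address(host) in net and s.get("--dport") in (None, port):
                findings.append((o.get("--dport"), host, s.get("--to-source", "MASQUERADE")))
                break
    return findings

if __name__ == "__main__":
    for pub, host, seen in hidden_client_forwards(SAMPLE):
        print(f"port {pub} -> {host}: all clients appear as {seen}")
```

Any forward this flags makes source-address rules on the internal server meaningless for that port: with the setup in the first post, the 10.0.0.x-only SMTP restriction on Exchange is satisfied by every Internet client that reaches port 465. That listener therefore needs SMTP authentication, and its logs will show only 10.0.0.2 as the client.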