What on earth are you talking about!

There is NO reason to port-map 25 to 587 OUTBOUND, only inbound. It works
flawlessly, trivially and correctly here with just one firewall rule. The
"mirror" of it is wrong and unneeded. Get any SNAT rules dicking with port
numbers out of there.

Dan

My firewall rule (the ONLY one for SMTP either way):

-A PREROUTING -p tcp -m tcp -m multiport --dports submission -d public-mx-address -j DNAT --to-destination private-imail-address:25
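
Added example (not part of Dan's message or of the thread): a toy Python model of the connection tracking a stateful NAT firewall performs, showing why the single inbound DNAT rule above needs no mirrored outbound rule. The addresses, the class and function names, and the extra port 25 forward are assumptions made for the illustration; source-address masquerading of outbound traffic is left out.

```python
# Added illustration: toy model of stateful DNAT (connection tracking).
# All addresses are constructed documentation values, not from the thread.
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

PUBLIC_MX = "203.0.113.10"     # constructed stand-in for public-mx-address
PRIVATE_MAIL = "192.168.1.25"  # constructed stand-in for private-imail-address
CLIENT = "198.51.100.7"        # constructed remote client

class StatefulNat:
    def __init__(self):
        # Inbound rules only. The 587 mapping is the rule from the message;
        # the 25 mapping is an assumed ordinary port forward next to it.
        self.dnat = {(PUBLIC_MX, 587): (PRIVATE_MAIL, 25),
                     (PUBLIC_MX, 25): (PRIVATE_MAIL, 25)}
        self.conntrack = {}  # reply tuple -> original (dst, dport)

    def inbound(self, p: Pkt) -> Pkt:
        target = self.dnat.get((p.dst, p.dport))
        if target is None:
            return p
        new = p._replace(dst=target[0], dport=target[1])
        # Record per-connection state so replies can be un-translated.
        self.conntrack[(new.dst, new.dport, new.src, new.sport)] = (p.dst, p.dport)
        return new

    def outbound(self, p: Pkt) -> Pkt:
        orig = self.conntrack.get((p.src, p.sport, p.dst, p.dport))
        if orig is None:
            return p  # no tracked state: a new outbound connection, ports untouched
        return p._replace(src=orig[0], sport=orig[1])

def demo() -> dict:
    nat = StatefulNat()
    fwd587 = nat.inbound(Pkt(CLIENT, 40001, PUBLIC_MX, 587))
    fwd25 = nat.inbound(Pkt(CLIENT, 40002, PUBLIC_MX, 25))
    return {
        "fwd587": fwd587,
        "reply587": nat.outbound(Pkt(PRIVATE_MAIL, 25, CLIENT, 40001)),
        "reply25": nat.outbound(Pkt(PRIVATE_MAIL, 25, CLIENT, 40002)),
        # Mail server opening its own connection to a remote MX on port 25.
        "relay": nat.outbound(Pkt(PRIVATE_MAIL, 50000, "192.0.2.99", 25)),
    }

if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, pkt)
```

The reply to the port 587 client leaves with source port 587, the reply to the port 25 client leaves with source port 25, and the server's own outbound connection to a remote port 25 is not rewritten.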

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joe Wolf
Sent: Wednesday, December 29, 2004 6:51 PM
To: [email protected]
Subject: Re: [IMail Forum] SonicWall NAT for port 587 to IMail


I've been trying to get this to work, and spent two hours on the phone with
SonicWall (TZ170 Enhanced OS).  They claim that there's no way to do it.
Here's the problem:

Normal connection comes in on WAN port 25 and is redirected to LAN on port
25, then Imail replies on port 25 and everything works fine.

From blocking ISP connection comes in on WAN port 587 and is redirected to
LAN on port 25.  Now the problem comes in... Imail replies on port 25, but
reply never makes it back to original connection because they are listening
on 587.  If you create the outbound rule to redirect the outbound port 25 to
port 587 then you do the same for ALL port 25 connections... the result is
the "normal" connections would come in on port 25 and go out on 587.

Result, according to SonicWall is that it can't be done.  If you create an
inbound rule to redirect port 587 to port 25 you must then create an
outbound rule to redirect port 25 to 587.  This breaks most all normal SMTP
connections.

Any ideas other than a software redirect that may have security problems?

Thanks,
Joe
----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Saturday, September 11, 2004 11:14 AM
Subject: RE: [IMail Forum] Cisco NAT for port 587 to IMail


Create service SMTPAUTH for port 587 remote port 25 local

RULE:

ALLOW - SMTPAUTH - WAN, all - LAN(DMZ) Imailserveripaddress

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:IMail_Forum-
> [EMAIL PROTECTED] On Behalf Of Jay Calvert
> Sent: Saturday, September 11, 2004 10:02 AM
> To: [email protected]
> Subject: Re: [IMail Forum] Cisco NAT for port 587 to IMail
>
> Anybody know how to do this with a SonicWALL?
>
> Thanks!
> ----- Original Message -----
> From: "Darin Cox" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Saturday, September 11, 2004 8:13 AM
> Subject: Re: [IMail Forum] Cisco NAT for port 587 to IMail
>
>
> > Didn't realize we switched off-list...for the benefit of others wanting to
> > do this in their Cisco gear...
> >
> > Darin.
> >
> > ----- Original Message -----
> > From: "Darin Cox" <[EMAIL PROTECTED]>
> > To: "David Dodell" <[EMAIL PROTECTED]>
> > Sent: Saturday, September 11, 2004 11:11 AM
> > Subject: Re: Re[2]: SPF Records and Off-Network Customers
> >
> >
> > That was also discussed recently...in any case it would be something like...
> >
> > access-list outside_access_in permit tcp any host <External IMail Host IP> eq 587
> > static (inside,outside) tcp <External IMail Host IP> 587 <Internal IMail Host IP> smtp netmask 255.255.255.255 0 0
> >
> > ...assuming the access list from outside to inside is named
> > outside_access_in
> >
> > You'll need to set aside a separate internal and external IP for this to
> > avoid a conflict in your NAT rules.
> >
> > Darin.
> >
> >
> > ----- Original Message -----
> > From: "David Dodell" <[EMAIL PROTECTED]>
> > To: "Darin Cox" <[EMAIL PROTECTED]>
> > Sent: Saturday, September 11, 2004 10:59 AM
> > Subject: Re[2]: SPF Records and Off-Network Customers
> >
> >
> > > IMail can't do it, but you can NAT with a firewall, or use a port redirector
> > > on your server to redirect port 587 to 25.  There have been recent
> > > discussions in the list on this topic.
> >
> > That is what I thought .. unfortunately I don't know how to do that in
> > my Cisco router ... I'll have to ask around.
> >
> >
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
>
>