While I don't have a SonicWall, it seems to me that any stateful inspection firewall would automatically remap the port outbound for the same connection, thereby maintaining the "state" of the connection. We have had port 2525 external mapped to port 25 internal on our mail server for ages (before we found out about 587, when we just needed a way around ISP's port 25 blocking). It has never required the reverse.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Barker Sent: Wednesday, December 29, 2004 8:31 PM To: [email protected] Subject: RE: [IMail Forum] SonicWall NAT for port 587 to IMail What on earth are you talking about! There is NO reason to port-map 25 to 587 OUTBOUND, only inbound. It works flawlessly, trivially and correctly here with just one firewall rule. The "mirror" of it is wrong and unneeded. Get any SNAT rules dicking with port numbers out of there. Dan My firewall rule (the ONLY one for SMTP either way): -A PREROUTING -p tcp -m tcp -m multiport --dports submission -d public-mx-address -j DNAT --to-destination private-imail-address:25 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
