Netgate Discussion Forum
    Outbound nat port 25 to external IP

    camay123

      Hi,

      I want anything from a subnet/24 on port 25, i.e. SMTP, to be redirected to a listening server on an external IP address.

      I tried to configure the outbound rules as follows:

      Interface - LAN
      Source - Any Port 25
      Translation
      Address (an external IP address configured in Virtual IP)
      Port 25

      However, I don't seem to be getting much success.

      For example, I am trying to send mail from a Linux client, but I don't see the mail being forwarded to the listening server.

      Thanks in advance

        KOM

        You don't use an outbound rule for that. Delete everything you did there. You need a NAT rule that catches that traffic from LAN and redirects it to wherever you want.

          Gertjan

          @camay123 : keep in mind that most ISPs on planet Earth only accept connections on port 25 to a (mail!) server they own.
          For example : you can't send mail to gmail.com port 25 (exception : if you run a mail server yourself, like postfix or - why not - qmail).

          In the beginning (when Earth was created), port 25 was reserved for inter-mail-server communications. Mail clients should never ever use that port. (But then, the first ISPs did this stupid thing : they invited hell on earth by letting mail clients connect to their port 25 ... and the mail zombies stood up - spam was invented, life became more complicated for humanity).

          So, even if you manage to "outbound" to a Somewhere-on-the-Internet-based mail server, chances are good that this only works if this server is the mail server run by your ISP - and no other server.

          Btw : mail clients should use 587 (also deprecated since) - now use 465.
          465 means : "use SSL or face a black hole". "Authenticity first or get lost".
          Life is peaceful again now that everybody gets aligned with the RFCs.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

            camay123

            Thanks to all who have replied.

            @Gertjan : The zombies do still exist; and some could be intentional zombies... However, some are there to trap them.

            This is why, instead of redirecting port 25 to somewhere on the internet, I would rather catch all outbound port 25 SMTP traffic and force a redirect to a LAN IP. I have revised my strategy. Thanks

              Gertjan @camay123

              @camay123 said in Outbound nat port 25 to external IP:

              catch all outbound port 25 smtp traffic

              I just block all outgoing "port 25" connections.
              Because I control all my mail clients on my LAN, and they use '465' for outgoing mails.
              I also run a Captive Portal : same rule.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??
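
Added example, not part of any post in this thread: once outbound port 25 is blocked or redirected on LAN as discussed above, the firewall log shows which LAN hosts still attempt direct SMTP. This Python script counts those attempts per source host and firewall action. It assumes log lines in pfSense's raw comma-separated filterlog layout for IPv4 TCP entries; the LAN subnet, the interface name `igb1` and all sample lines are constructed.

```python
import csv
import ipaddress
from collections import Counter

# Constructed sample lines, assumed to follow the raw filterlog CSV layout (IPv4).
SAMPLE_LOG = """\
Mar  3 10:15:01 fw filterlog[4242]: 80,,,1700000001,igb1,match,block,in,4,0x0,,64,1111,0,DF,6,tcp,60,192.168.1.50,203.0.113.25,51234,25,0,S,1000,,64240,,mss
Mar  3 10:15:02 fw filterlog[4242]: 80,,,1700000001,igb1,match,block,in,4,0x0,,64,1112,0,DF,6,tcp,60,192.168.1.50,198.51.100.7,51235,25,0,S,1001,,64240,,mss
Mar  3 10:15:03 fw filterlog[4242]: 81,,,1700000002,igb1,match,pass,in,4,0x0,,64,1113,0,DF,6,tcp,60,192.168.1.20,203.0.113.25,40000,465,0,S,1002,,64240,,mss
Mar  3 10:15:04 fw filterlog[4242]: 80,,,1700000001,igb1,match,block,in,4,0x0,,64,1114,0,DF,6,tcp,60,192.168.1.77,203.0.113.25,40001,25,0,S,1003,,64240,,mss
Mar  3 10:15:05 fw filterlog[4242]: 9,,,1000000103,igb0,match,block,in,4,0x0,,52,1115,0,DF,17,udp,78,203.0.113.9,192.168.1.1,5353,5353,58
Mar  3 10:15:06 fw filterlog[4242]: truncated,line
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet
LAN_IF = "igb1"                                # assumed LAN interface name

def smtp_attempts(log_text, lan=LAN, lan_if=LAN_IF):
    """Count outbound TCP/25 attempts per (LAN source IP, firewall action)."""
    hits = Counter()
    for line in log_text.splitlines():
        _, sep, payload = line.partition("filterlog[")
        if not sep:
            continue  # not a filterlog entry
        fields = next(csv.reader([payload.split("]: ", 1)[-1]]))
        # An IPv4 TCP entry needs at least 22 fields (up to the destination port).
        if len(fields) < 22 or fields[8] != "4" or fields[16] != "tcp":
            continue
        iface, action, direction = fields[4], fields[6], fields[7]
        src, dst, dport = fields[18], fields[19], fields[21]
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # malformed address field
        if (iface == lan_if and direction == "in" and dport == "25"
                and src_ip in lan and dst_ip not in lan):
            hits[(src, action)] += 1
    return hits

if __name__ == "__main__":
    for (host, action), count in sorted(smtp_attempts(SAMPLE_LOG).items()):
        print(f"{host} {action} x{count}")
```

Hosts that appear here after every mail client has been moved to port 465 are the ones worth inspecting.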

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.