Outbound nat port 25 to external IP



  • Hi,

    I want anything from a subnet/24 on port 25, i.e. SMTP, to be redirected to a listening server on an external IP address.

    I tried to configure the outbound rules as follows:

    Interface - LAN
    Source - Any Port 25
    Translation
    Address (an external IP address configured in Virtual IP)
    Port 25

    However, I don't seem to be getting much success.

    For example, I am trying to send mail from a Linux client but I don't see the mail being forwarded to the listening server.

    Thanks in advance



  • You don't use an outbound rule for that. Delete everything you did there. You need a NAT rule that catches that traffic from LAN and redirects it to wherever you want.



  • @camay123: keep in mind that most ISPs on planet earth only accept connections to port 25 on a (mail!) server they own.
    For example: you can't send mails to gmail.com port 25 (exception: if you run a mail server yourself like postfix or - why not, qmail).

    In the beginning (when earth was created) port 25 was reserved for inter mail server communications. Mail clients should never ever use that port. (But then, the first ISPs did this stupid thing: they invited hell on earth by letting mail clients connect to their port 25 .... and the mail zombies stood up - spam was invented, life became more complicated for humanity).

    So, even if you manage to "outbound" to a Some-where-on-the-Internet-based-Mail-server, chances are good that this only works if this server is the mail server run by your ISP - and no other server.

    Btw: mail clients should use 587 (also deprecated since) - now use 465.
    465 means: "use SSL or face a black hole". "Authenticity first or get lost".
    Life is peaceful again now everybody gets aligned with the RFCs



  • Thanks to all who have replied.

    @Gertjan : The zombies do still exist; and some could be intentional zombies... However, some are there to trap them.

    This is why, instead of redirecting port 25 to somewhere on the internet, I would rather catch all outbound port 25 SMTP traffic and force a redirect to a LAN IP. I have revised my strategy. Thanks



  • @camay123 said in Outbound nat port 25 to external IP:

    catch all outbound port 25 smtp traffic

    I just block all outgoing "port 25" connections.
    Because I control all my mail clients on my LAN, and they use '465' for outgoing mails.
    I also run a Captive Portal : same rule.
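
Added example, not part of any post in this thread: the outbound-NAT attempt from the question next to the LAN-side redirect and the block rule the replies describe, written in FreeBSD pf syntax on the assumption that the firewall is pf-based. The interface name, subnet and addresses are constructed placeholders.

```pf
# Constructed placeholders (not values from the thread)
lan_if    = "em1"              # LAN interface
lan_net   = "192.168.1.0/24"   # client subnet
smtp_sink = "192.0.2.25"       # listening SMTP server

# What the question tried: outbound NAT. A nat rule rewrites only the
# SOURCE address/port of a connection. The destination stays whatever
# the client dialled, so the mail never reaches the listening server.
# nat on $lan_if inet proto tcp from $lan_net port 25 to any -> $smtp_sink port 25

# What the first reply describes: a redirect (port forward) applied where
# the traffic enters the firewall. rdr rewrites the DESTINATION.
rdr on $lan_if inet proto tcp from $lan_net to any port 25 -> $smtp_sink port 25

# Filtering sees the already-translated destination, so permit that flow.
pass in quick on $lan_if inet proto tcp from $lan_net to $smtp_sink port 25 flags S/SA keep state

# Assumption: $smtp_sink is not inside $lan_net. If it is, its replies go
# straight back to the client from an address the client never contacted,
# and the TCP handshake fails unless the source is translated as well.

# Alternative from the last reply: drop (and log) instead of redirecting.
# Use this in place of the rdr and pass rules above.
# block in log quick on $lan_if inet proto tcp from $lan_net to any port 25
```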

