Netgate Discussion Forum

    Help needed with Outbound NAT rule for SMTP

      lostone

      Hi Guys,

      I am trying to create an outbound NAT rule for my Exchange server. We have an Exchange server on 10.88.0.252 and we are trying to get it to use a different interface than the default gateway to go out on.

      We have 4 interfaces with only 3 in use.

      WAN
      WAN2
      LAN
      OPT1

      WAN is the default GW.
      WAN2 is our second GW.
      OPT1 isn't being used at the moment.

      We also have an OpenVPN tunnel to the rest of our network going over the default GW.

      What I would like to do is have any outgoing mail (port 25) from our Exchange server (10.88.0.252) heading to any external IP address use the WAN2 connection. I originally thought this would be set up under the outbound NAT rules but this doesn't appear to be the case as I do not have a VIP set up for WAN2 because it is a second GW. I obviously have something wrong but I cannot figure out what.

      Any help would be appreciated.

      Kind regards,

      lostone.

        podilarius

        Well, the way I see it, you create two LAN rules that state that if you are coming from 10.88.0.252 and your destination port is 25, and the other rule for source port of 25, use gateway WAN2_GW. This is called policy routing. You will then need to create a manual outbound NAT rule that says if you are coming from 10.88.0.252 on src port or dest port 25, use WAN2_Address as the source IP. Make sure to check your interface assignment when working with manual outbound NAT rules.
        You are going to have to create a port forward for inbound connections on destination port 25 as well.

          leep90

          I realize this is old but it is very similar to what I am doing.  I can start a new thread if necessary.  It wasn't really marked resolved, so I thought this might direct more traffic to a related thread.

          I am doing essentially the same thing but only pulling email down for an archive on port 995.  I have done what was described and cannot get it to work.

          Not sure of all the complexities but I really just need port 995 to get to the external mail server and to always go out on wan2.  Let me know if any more info is needed.

          -Failover between Wan and Wan2. 
          -Wan=Tier1, wan2 =Tier2,
          -wan2 is DHCP from ISP,
          -made an outbound NAT rule, could use more direction
          -made the described rules in the proposed solution but can't get the traffic out the correct port.

            joako

            The firewall rules are evaluated from top to bottom until one matches. So make sure that this rule is placed above any other possible matches.

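The rule-order point from the last reply, applied to the policy-routing rule described earlier in the thread, as an added example that is not part of any post and is not pfSense code: a small first-match model that shows which gateway SMTP traffic from 10.88.0.252 gets, plus a check that flags rules an earlier, broader rule makes unreachable. The /24 LAN network, the `WAN_GW` name and the rule descriptions are assumptions; 10.88.0.252, port 25 and `WAN2_GW` come from the posts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

DEFAULT_GW = "WAN_GW"  # assumed name for the default gateway (WAN in the thread)

@dataclass(frozen=True)
class Rule:
    desc: str
    src: str                       # source network in CIDR form
    dport: Optional[int] = None    # None matches any destination port
    gateway: Optional[str] = None  # None means "follow the default route"

def egress_gateway(rules, src_ip, dport):
    """Return (gateway, rule description) for the first rule that matches."""
    for rule in rules:  # evaluated top to bottom
        if ip_address(src_ip) not in ip_network(rule.src):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return (rule.gateway or DEFAULT_GW, rule.desc)  # first match wins
    return (None, "no rule matched")

def shadowed(rules):
    """List rules that can never match because an earlier rule covers them."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            covers_src = ip_network(later.src).subnet_of(ip_network(earlier.src))
            covers_port = earlier.dport is None or earlier.dport == later.dport
            if covers_src and covers_port:
                hits.append(later.desc)
                break
    return hits

# Constructed rule sets for the LAN interface; the /24 is an assumption.
ALLOW_LAN = Rule("Default allow LAN to any", "10.88.0.0/24")
SMTP_WAN2 = Rule("Exchange SMTP via WAN2", "10.88.0.252/32", dport=25,
                 gateway="WAN2_GW")
WRONG_ORDER = [ALLOW_LAN, SMTP_WAN2]  # broad rule sits above the policy route
RIGHT_ORDER = [SMTP_WAN2, ALLOW_LAN]  # policy route is evaluated first

if __name__ == "__main__":
    for name, rules in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(name, "-> port 25 leaves via", egress_gateway(rules, "10.88.0.252", 25))
        print(name, "-> shadowed rules:", shadowed(rules))
```

The same first-match reasoning applies to the manual outbound NAT list, so the WAN2 source-address rule also needs to sit above any broader entry for the LAN network.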