Help needed with Outbound NAT rule for SMTP



  • Hi Guys,

    I am trying to create an outbound NAT rule for my Exchange server. We have an Exchange server on 10.88.0.252 and we are trying to get it to use a different interface than the default gateway to go out on.

    We have 4 interfaces with only 3 in use.

    WAN
    WAN2
    LAN
    OPT1

    WAN is the default GW.
    WAN2 is our second GW.
    OPT1 isn't being used at the moment.

    We also have an OpenVPN tunnel to the rest of our network going over the default GW.

    What I would like to do is have any outgoing mail (port 25) from our Exchange server (10.88.0.252) heading to any external IP address use the WAN2 connection. I originally thought this would be set up under the outbound NAT rules, but this doesn't appear to be the case, as I do not have a VIP set up for WAN2 because it is a second GW. I obviously have something wrong but I cannot figure out what.

    Any help would be appreciated.

    Kind regards,

    lostone.



  • Well, the way I see it, you create two LAN rules that state that if you are coming from 10.88.0.252 and your destination port is 25 and the other rule for source port of 25, use gateway WAN2_GW. This is called policy routing. You will then need to create a manual outbound NAT rule that says if you are coming from 10.88.0.252 on src port or dest port 25, use WAN2_Address as the source IP. Make sure to check your interface assignment when working with manual outbound NAT rules.
    You are going to have to create a port forward for inbound connections on destination port 25 as well.



  • I realize this is old but it is very similar to what I am doing. I can start a new thread if necessary. It wasn't really marked resolved, so I thought this might direct more traffic to a related thread.

    I am doing essentially the same thing but only pulling email down for an archive on port 995. I have done what was described and cannot get it to work.

    Not sure of all the complexities but I really just need port 995 to get to the external mail server and to always go out on wan2. Let me know if any more info is needed.

    -Failover between Wan and Wan2. 
    -Wan=Tier1, wan2 =Tier2,
    -wan2 is DHCP from ISP,
    -made an outbound NAT rule, could use more direction
    -made the described rules in the proposed solution but can't get the traffic out the correct port.



  • The firewall rules are evaluated from top to bottom until one matches. So make sure that this rule is placed above any other possible matches.
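
The rule-order and interface-assignment points from the replies above, as an added example that is not part of the original thread and is not pfSense code. It is a simplified model that assumes LAN rules are first-match and manual outbound NAT rules are first-match on the egress interface; `WAN_GW` and `WAN_Address` are assumed names, while `WAN2_GW` and `WAN2_Address` come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class FwRule:                # one LAN firewall rule
    src: Optional[str]       # None = any source
    dport: Optional[int]     # None = any destination port
    gateway: Optional[str]   # None = use the default gateway

@dataclass
class NatRule:               # one manual outbound NAT rule
    iface: str               # interface the rule is assigned to
    src: Optional[str]
    dport: Optional[int]
    translate_to: str

GW_IFACE = {"WAN_GW": "WAN", "WAN2_GW": "WAN2"}  # WAN_GW is an assumed name
DEFAULT_GW = "WAN_GW"

def _match(rule, src, dport):
    return rule.src in (None, src) and rule.dport in (None, dport)

def egress(lan_rules, nat_rules, src, dport):
    """Return (egress interface, source address seen on the wire)."""
    fw = next((r for r in lan_rules if _match(r, src, dport)), None)
    if fw is None:
        return None          # nothing matched: implicit deny
    iface = GW_IFACE[fw.gateway or DEFAULT_GW]
    nat = next((n for n in nat_rules
                if n.iface == iface and _match(n, src, dport)), None)
    return iface, (nat.translate_to if nat else src)

EXCHANGE = "10.88.0.252"
policy = FwRule(EXCHANGE, 25, "WAN2_GW")         # policy-routing rule
allow_all = FwRule(None, None, None)             # default "LAN to any" rule
nat_wan2 = NatRule("WAN2", EXCHANGE, 25, "WAN2_Address")
nat_wrong_if = NatRule("WAN", EXCHANGE, 25, "WAN2_Address")
nat_default = NatRule("WAN", None, None, "WAN_Address")  # assumed name

if __name__ == "__main__":
    # Policy rule above the allow-all rule, NAT rule assigned to WAN2.
    print(egress([policy, allow_all], [nat_wan2, nat_default], EXCHANGE, 25))
    # Allow-all rule first: it matches and the policy rule is never reached.
    print(egress([allow_all, policy], [nat_wan2, nat_default], EXCHANGE, 25))
    # NAT rule assigned to WAN: traffic leaves WAN2 with its private source.
    print(egress([policy, allow_all], [nat_wrong_if, nat_default], EXCHANGE, 25))
```

The third case is the one to look for in a packet capture on WAN2: SMTP traffic leaving with 10.88.0.252 as its source means the manual outbound NAT rule is on the wrong interface.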

