Post #7, 2007-01-11
northlandboy (Senior Member, joined 2006-07-28, New Zealand)
Re: Policy Based Routing

Quote:
Originally Posted by rayden69
The way to do this is with the use of all of the policy, including NAT and a little bit of what is called in the Cisco world PAT. Since you are only asking TCP port 25 (SMTP) to go out the other interface, you will need to set up a NAT rule before you overload traffic.

on the Original Packet Side:

Source: the network, group or host
Destination: you can set as any (if you do this you may need to build a no nat between your own networks rule prior to this)
Service: SMTP (TCP 25)

Translated Packet Side:

Source: the NAT IP you want all SMTP traffic coming from (has to be on the interface side you want traffic to go out)
Destination: any
Service: SMTP

After that you will need a rule allowing traffic outbound.

You will then most likely want to reverse this for incoming traffic and set your MX to the NAT IP you specified above.

If this isn't clear enough please let me know and I can give examples!

Can you explain how this will work? I can source NAT something to anything I want to, but that isn't going to control how the OS will route it. If you implement that NAT, it will still get routed out whatever interface is the default. This will only change the behaviour of where reply packets go to. You are then in an asymmetric routing situation, which will probably work if they are simple routers outside the firewall, but it becomes a pain after a while, especially for troubleshooting.
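As an added illustration of northlandboy's point (example code, not from the thread or any vendor product; the routing table, addresses and interface names are constructed), this models a destination-only route lookup beside a port-matching PBR rule. It shows that the quoted NAT rule on its own still sends SMTP out the default interface while the replies to the NAT IP come back on the other link.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example (not from the thread): a firewall with two upstream
# links. Default route via eth0; only the eth1 link's own subnet is routed
# via eth1. Addresses are RFC 5737 documentation ranges.
ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("203.0.113.0/24", "eth1"),
]
SMTP_NAT_IP = "203.0.113.25"   # "NAT IP on the eth1 side", as rayden69 suggests

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def route_lookup(dst, routes=ROUTES):
    """Ordinary forwarding: longest-prefix match on the destination only."""
    addr = ipaddress.ip_address(dst)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface

def source_nat(pkt, match_dport=25, new_src=SMTP_NAT_IP):
    """The NAT rule from the quoted post: rewrite the source of TCP/25."""
    return Packet(new_src, pkt.dst, pkt.dport) if pkt.dport == match_dport else pkt

def policy_route(pkt, match_dport=25, iface="eth1", routes=ROUTES):
    """Policy-based routing: a port match overrides the destination lookup."""
    return iface if pkt.dport == match_dport else route_lookup(pkt.dst, routes)

def nat_only_path(pkt):
    """Return (egress iface, iface the reply arrives on) with the NAT rule alone."""
    natted = source_nat(pkt)
    egress = route_lookup(natted.dst)          # NAT did not touch the lookup
    reply_ingress = route_lookup(natted.src)   # reply is addressed to the NAT IP
    return egress, reply_ingress

def pbr_path(pkt):
    """Same question with a PBR rule added in front of the NAT rule."""
    egress = policy_route(pkt)
    return egress, route_lookup(source_nat(pkt).src)
```

For a TCP/25 packet `nat_only_path` returns `("eth0", "eth1")`, the asymmetric case described above, while `pbr_path` returns `("eth1", "eth1")`.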