  1. #1
    Newbie
    Join Date
    Jan 2019
    Posts
    2

    Default Source NAT for a specific port (SMTP)

    Hello,

    I am working with an Untangle U50X and have a question about whether it is possible to set up a source NAT rule that would apply to specific source port only.

    Here's the setup:
    Single WAN with a /29 subnet (5 usable Public IP's)
    Single LAN with a /24 subnet

    There is an Exchange 2016 server on the LAN at 192.168.1.152. Incoming port forward rules are already set up to direct OWA and SMTP traffic to this server on the Public IP 96.80.214.50 (which is one of the 5 usable IP's but not the interface IP).

    I would like to set up a source NAT rule to send all SMTP traffic from the Exchange server out of the network on 96.80.214.50. I can see that it is possible to set up a source NAT rule to send all traffic from 192.168.1.152 out on 96.80.214.50 but it doesn't look like it's possible to create a source NAT rule that will apply to only SMTP traffic on port 25 from 192.168.1.152. This server also runs other services so I'd like to just scope the source NAT rule to SMTP traffic only.

    I've attached a screenshot of the Source NAT rule, the field that seems to be missing is source port and source port is not an available selection in the add condition menu.

    2019-01-16 13_41_52-ITPartners+ - u50x.png

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,846

    Default

    Generally there is no need for port on outbound NAT. Otherwise you will need to contact support for expert mode.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,679

    Default

    In this case, you want to set a destination port condition for port 25, not a source port condition.

    SMTP traffic for your Exchange server listening on port 25 is already handled by your port forward rules. The NAT rule is only for outbound traffic, where your server is forwarding messages to other destination servers. In this case, the destination servers will listen on 25 and your server will use an ephemeral (>1024) port for its end as the source port, such that port 25 is the destination port and the source port is unknown until the server actually tries to make a connection.
    Last edited by jcoehoorn; 01-16-2019 at 01:25 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.1.1 to protect 500Mbits for ~400 residential college students and associated staff and faculty

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,359

    Default

    Exchange LISTENS on TCP 25, it does not TRANSMIT from TCP 25. Like most things it chooses a random high numbered port to connect to something else's TCP 25. So you do not want source port here, you still want destination port. Which is precisely why it was REMOVED!

    *Edit* see jcoehoorn types a bit faster than me!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
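As an added illustration of the point jcoehoorn and sky-knight make above (this is not code from the thread or from Untangle), the following Python models a source NAT rule whose unset conditions are wildcards and applies it to constructed outbound flows from the Exchange server. The WAN interface address 96.80.214.49, the remote addresses and the ephemeral ports are assumptions; only 192.168.1.152 and 96.80.214.50 come from the thread.

```python
from dataclasses import dataclass
from typing import List, Optional

# Addresses from the thread; the WAN interface IP is an assumption (the thread
# only says 96.80.214.50 is not the interface IP).
EXCHANGE_LAN_IP = "192.168.1.152"
SMTP_PUBLIC_IP = "96.80.214.50"
WAN_INTERFACE_IP = "96.80.214.49"  # assumed default egress address

@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class SourceNatRule:
    """Unset conditions are wildcards; every set condition must match (AND)."""
    new_source: str
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        return ((self.src_ip is None or f.src_ip == self.src_ip)
                and (self.src_port is None or f.src_port == self.src_port)
                and (self.dst_port is None or f.dst_port == self.dst_port))

def apply_source_nat(flow: Flow, rules: List[SourceNatRule]) -> str:
    """First matching rule decides the egress address; else the interface IP."""
    for rule in rules:
        if rule.matches(flow):
            return rule.new_source
    return WAN_INTERFACE_IP

# Constructed outbound connections from the Exchange server: mail delivery goes
# TO port 25 FROM an ephemeral port; the third flow is some other service.
OUTBOUND = [
    Flow("tcp", EXCHANGE_LAN_IP, 49821, "203.0.113.25", 25),
    Flow("tcp", EXCHANGE_LAN_IP, 51044, "198.51.100.7", 25),
    Flow("tcp", EXCHANGE_LAN_IP, 52910, "203.0.113.80", 443),
]

# The condition the poster was looking for vs. the one the replies recommend.
SOURCE_PORT_RULE = SourceNatRule(SMTP_PUBLIC_IP, src_ip=EXCHANGE_LAN_IP, src_port=25)
DEST_PORT_RULE = SourceNatRule(SMTP_PUBLIC_IP, src_ip=EXCHANGE_LAN_IP, dst_port=25)

def egress_ips(rule: SourceNatRule) -> List[str]:
    return [apply_source_nat(f, [rule]) for f in OUTBOUND]
```

A source-port-25 condition never fires because no outbound connection originates from port 25, so all three flows leave on the interface IP; the destination-port-25 condition sends only the two mail deliveries out on 96.80.214.50 and leaves the port 443 connection alone.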

  5. #5
    Newbie
    Join Date
    Jan 2019
    Posts
    2

    Default

    @jcoehoorn thanks for the reply. I can see now why source port is not what I would want in this case and destination port would fit the bill. I appreciate you taking the time to flesh out your answer with a nice amount of detail to make it easy to understand and my hope is that this thread will be helpful for other users that may have the same question in the future.


    @sky-knight, While I'm sure my question seemed silly to you, I find the tone of your response to be a bit brash. This was my second post on the forums and though I will readily admit I wasn't thinking about the way this rule needed to be created correctly, I think it's important for you to understand that people are going to come here to the forum and post in situations exactly like that. If I had worked with Untangle as long as you have I wouldn't have posted this question and your use of caps in your reply feels a lot like yelling. I know that you are a veteran on these forums and a very experienced Untangle user. What you have contributed to this community is great, just take it easy on us first time posters ok?
    Last edited by chadius; 01-17-2019 at 01:44 PM.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,359

    Default

    My response wasn't intended to reflect any negativity, or hostility, only emphasis on specific topics. That's why there's an emoji in there, because I was honestly giggling to myself while I typed it. These forums are wonderfully repetitive, and in all seriousness, it's the simple things that just eat us all alive in this crazy IT work we do.

    So while I understand what you're trying to say, please also understand that after answering the same question for the 100th time, and out of respect for your time, I make an effort to keep posts as short as possible. I want your issue resolved, quickly, and enough information passed to reinforce good future habits. It's a tough line to toe honestly, because online etiquette isn't exactly a proven science. It doesn't help that all caps has been used in technical circles for emphasis for far longer than people have used it to yell at each other online. So I'd caution you not to read negativity into text by default, I find it makes the Internet a rather bleak place.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
