
Inbound port 25 blocked by ISP, open external port 26 to internal port 25

Hi,

We just replaced our LANCOM router with a Sophos UTM 120.
I'm using a new out of the box UTM with version 9.005-16.

Because our ISP is blocking inbound port 25, we asked our antispam provider to deliver our email on port 26. This worked great with the LANCOM router.

I just created a new NAT rule on the Sophos UTM, but somehow it isn't working.

This is my NAT rule:

Position: 0
Rule Type: DNAT (Destination)
For traffic from: ANY
Using service: SMTP26 (service def.: TCP Dest. port: 26, Source port: 1:65535)
Going to: External (WAN address)
Change destination to: Mailserver
And the service to: SMTP
Automatic firewall rule: enabled.

If I telnet port 26 on our public IP, I get nothing.
In the internal LAN I can connect to the mailserver on port 25.
What am I doing wrong?

These are my masquerading rules:
Rule 1: Internal (network) -> External (WAN)
Rule 2: Any -> Internal


This thread was automatically locked due to age.
  • You don't need a masquerading rule from outside to internal (any -> internal).
    Only from internal to external is usually needed.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Hi apijnappels,

    Could this cause the issue I'm having?
  • It could be the cause, since NAT is usually the first responder to any packet coming to your UTM from outside. After a NAT rule is applied, no other rules would be processed on this traffic. Try disabling this rule and test again.


  • Hi, dbaljet, and welcome to the User BB!

    I suspect that you've run afoul of what I call Rule #3:

    Never create a Host/Network definition bound to a specific interface.
    Always leave all definitions with 'Interface: <<Any>>'.



    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    @APijnappels, it solved my problem.
    @BAlfson, Interface for the host is set to any. Before I posted this thread, I searched the forum for this issue. On almost all threads I found about this kind of a problem, I've seen you posting your solution. So this was the first thing I checked :)
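
A scripted version of the "telnet port 26 on our public IP" check from the question, added here as an example and not posted by anyone in the thread. It separates a refused connection, a dropped one, and a connection that opens but never shows the SMTP greeting; the host and port defaults are placeholders, and it has to be run from outside the LAN.

```python
import socket
import sys

def probe_smtp(host, port, timeout=5.0):
    """Connect to host:port and classify the result as (status, detail).

    banner     - first line is an SMTP 220 greeting
    unexpected - connected, but the first line is not a 220 greeting
    silent     - connected, but no greeting arrived before the timeout
    closed     - connected, then the peer closed without sending anything
    refused    - the connection attempt was actively rejected (TCP RST)
    timeout    - no answer to the connection attempt at all
    error      - any other socket error (detail holds the message)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            data = sock.recv(512)  # SMTP servers speak first
        except socket.timeout:
            return ("silent", "")
        except OSError as exc:
            return ("error", str(exc))
    if not data:
        return ("closed", "")
    line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return ("banner" if line.startswith("220") else "unexpected", line)

if __name__ == "__main__":
    # Placeholder defaults: 203.0.113.10 is a documentation address, not a real server.
    host = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 26
    print(host, port, *probe_smtp(host, port))
```

Running it before and after disabling a suspect NAT or masquerading rule shows whether the change moved the result to `banner`.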