Packet forwarding breaks connection to a website

cpg_juraj
cpg_juraj Posts: 19  Freshman Member
edited October 2022 in Security
I recently installed an email gateway to relay emails to our Exchange. The SMTP port forwards to the gateway now.
Before, we had a third-party application that was connecting to our Exchange to use our SMTP to send out invoices. So I thought to create a NAT to forward only the SMTP traffic from this particular IP address to our Exchange server. As soon as I did that, the access to the web portal on this IP address stopped responding.

If anyone has an idea I would appreciate your input. Thank you, Juraj.

The device I am working on is a Zyxel Zywall USB100.

All Replies

  • WJS
    WJS Posts: 133  Ally Member
    To restrict the particular IP to access SMTP, the NAT settings look like no problem.
    It is helpful if you can provide the network diagram and mark the IP.

  • cpg_juraj
    cpg_juraj Posts: 19  Freshman Member
    Hello and thank you for your input. I am not trying to restrict the IP to access the SMTP. I am trying to open the relay to a server that's outside the network.

    The communication on port 25 is being forwarded to a mail gateway that relays the traffic to MS Exchange. What I was trying to accomplish was to bypass this mail gateway for the traffic from the only IP address the server communicates from.

    The rule looks like this:




    Thank you.
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 767  Zyxel Employee
    Hi @cpg_juraj
    Please kindly check that you have the latest version (4.72) on your USG.
    And create the NAT rule below and restrict the certain "source address" to apply a different internal IP address (your MS Exchange).

    Please feel free to contact me if you still have concerns.
    Thank you
    Kevin
  • mMontana
    mMontana Posts: 1,302  Guru Member
    USG100? Is this a zld 3.x device?
  • cpg_juraj
    cpg_juraj Posts: 19  Freshman Member
    Hello. I am on USG 100 and there isn't new firmware available. I am on the latest 3.30, unfortunately.
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 767  Zyxel Employee
    Hi @cpg_juraj
    With the new series (ATP/FLEX), we can restrict the certain source address by a different NAT rule.
    It may meet your requirement.
    Besides, USG100 was End of Life. Please kindly consider replacing the product to enjoy the new features.
    Thank you
    Kevin
