PAT in both directions

I need to do port address translation in both directions, so inbound and outbound SMTP use the same public IP. The address is 1.1.1.1, so I do an SNAT for port 25 from 1.1.1.1 to 10.1.1.1 and things are happy that way. Then do I just do a NAT for 10.1.1.1 to any external, set the source to 1.1.1.1, and put that rule ahead of the NAT for 10.1.1.0/24 that sets the source to 1.1.1.2? It seems to work, but is there a way to limit it to just port 25 and not all ports for the outbound?

Comments

  • You can remove the outgoing D.NAT config and just add an outgoing SMTP policy:
    FROM: 10.1.1.1
    TO: Any-External
    and in the Policy’s Advanced Setting configure 1.1.1.1 there as the Source IP.

  • Thanks!
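The difference between the two setups discussed in this thread, as an added example that is not part of the original posts and is not the firewall's own configuration syntax: a small vendor-neutral model of first-match source NAT, comparing the host-wide rule from the question with the port-25-scoped policy from the reply. The rule names, the `NatRule` type and the `translate_source` function are hypothetical, and first-match ordering is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class NatRule:
    name: str              # hypothetical label, for readability only
    src: str               # source network in CIDR form
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any destination port
    to_source: str         # public address the source is rewritten to


# Subnet-wide outbound NAT described in the question.
SUBNET = NatRule("subnet-dynamic-nat", "10.1.1.0/24", None, None, "1.1.1.2")

# Setup from the question: every port from 10.1.1.1 leaves as 1.1.1.1.
HOST_WIDE = [NatRule("host-all-ports", "10.1.1.1/32", None, None, "1.1.1.1"), SUBNET]

# Setup from the reply: only outbound SMTP from 10.1.1.1 leaves as 1.1.1.1.
SMTP_SCOPED = [NatRule("smtp-out-policy", "10.1.1.1/32", "tcp", 25, "1.1.1.1"), SUBNET]


def translate_source(rules: List[NatRule], src_ip: str, proto: str,
                     dport: int) -> Tuple[Optional[str], Optional[str]]:
    """Return (public source IP, matching rule name) using first-match order."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr not in ipaddress.ip_network(rule.src):
            continue
        if rule.proto is not None and rule.proto != proto:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.to_source, rule.name
    return None, None  # no NAT rule applies to this flow


if __name__ == "__main__":
    # Constructed sample flows: (source IP, protocol, destination port).
    flows = [("10.1.1.1", "tcp", 25), ("10.1.1.1", "tcp", 443),
             ("10.1.1.50", "tcp", 25)]
    for label, rules in (("host-wide", HOST_WIDE), ("smtp-scoped", SMTP_SCOPED)):
        for flow in flows:
            print(label, flow, "->", translate_source(rules, *flow))
```
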
