I hit a wall here:
What I want:
I have a useless Exchange server in a network which of course costs an insane amount of money yet has no antispam and such, so what I am trying to do:
My Postfix server from building A is the antispam, which will filter and then relay the mail to the Exchange.
What I am trying to do is: only accept mail on 25 from Postfix, but allow SMTP connections on a different port for clients.
On the MK where the Exchange server is, I have the following NAT rules:
;;; EXchange 2525
chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=25 protocol=tcp in-interface=E1-Wan dst-port=2525
;;; EXchange 110
chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=110 protocol=tcp in-interface=E1-Wan dst-port=110
;;; EXchange 25
chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=25 protocol=tcp in-interface=E1-Wan dst-port=25
The filter rules:
;;; Accept smtp
chain=forward action=accept protocol=tcp in-interface=E1-Wan dst-port=2525
;;; Drop smtp unless from postfix
chain=input action=drop protocol=tcp src-address-list=!safe in-interface=E1-Wan dst-port=25
My problem is: with these 2 rules it blocks everything... I can't telnet on 2525 either.
Everything goes to the 2nd filter rule.
I am sure that only one rule must be changed or something; the minute I disable the 2nd rule all is fine. I can telnet from the Postfix server without a problem.
Anyone got an idea on how I could change this so it will accept connections on 2525 while dropping on 25?
Thank you
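A corrected ruleset, as an added example that is not part of the original post and not a reply from the thread. It relies on standard RouterOS packet flow: dst-nat runs before the filter chains, so the forward chain only ever sees the translated destination 192.168.0.10:25 for both port 25 and port 2525 connections (a dst-port=2525 match in forward can never fire), and translated traffic to the Exchange never traverses the input chain. The fix is to put the Postfix-only restriction on the dstnat rule for port 25 itself. It keeps the interface name E1-Wan, the address list `safe` and the Exchange address 192.168.0.10 from the post; the Postfix IP 203.0.113.10 is an assumed placeholder.

```routeros
# Added example, not the original poster's config. Assumptions: address list "safe"
# holds the Postfix relay's public IP (placeholder 203.0.113.10), E1-Wan is the WAN
# interface, and the Exchange server is 192.168.0.10.
/ip firewall address-list
add list=safe address=203.0.113.10 comment="Postfix antispam relay, building A"

/ip firewall nat
# Port 25: translate only when the source is the Postfix relay. Any other source
# is left un-NATed, so the packet stays addressed to the router itself and lands
# in the input chain, where it is dropped below.
add chain=dstnat in-interface=E1-Wan protocol=tcp dst-port=25 src-address-list=safe \
    action=dst-nat to-addresses=192.168.0.10 to-ports=25 comment="Exchange 25 (Postfix only)"
# Port 2525: client port, open to anyone, mapped to Exchange port 25.
add chain=dstnat in-interface=E1-Wan protocol=tcp dst-port=2525 \
    action=dst-nat to-addresses=192.168.0.10 to-ports=25 comment="Exchange 2525 (clients)"
add chain=dstnat in-interface=E1-Wan protocol=tcp dst-port=110 \
    action=dst-nat to-addresses=192.168.0.10 to-ports=110 comment="Exchange 110"

/ip firewall filter
# The forward chain sees the POST-NAT destination: both 25 and 2525 arrive here as
# 192.168.0.10:25, so match on the translated tuple, not on 2525.
add chain=forward in-interface=E1-Wan protocol=tcp dst-address=192.168.0.10 dst-port=25 \
    action=accept comment="Accept SMTP to Exchange (already gated by dstnat)"
add chain=forward in-interface=E1-Wan protocol=tcp dst-address=192.168.0.10 dst-port=110 \
    action=accept comment="Accept POP3 to Exchange"
# Un-NATed port 25 from non-safe sources ends up in input; drop it there.
add chain=input in-interface=E1-Wan protocol=tcp dst-port=25 src-address-list=!safe \
    action=drop comment="Drop SMTP unless from Postfix"
```

The `safe` entry must be the Postfix server's source address as this router sees it (its public IP, or the tunnel address if building A reaches this site over a VPN). To check: from a host not in `safe`, `telnet <wan-ip> 25` should fail to connect while `telnet <wan-ip> 2525` should show the Exchange banner, and from the Postfix server both should succeed; `/ip firewall nat print stats` and `/ip firewall filter print stats` show which rule each attempt hit.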