the dst-nat rule is required because there is a server behind that must be accessible from the outside with a mail client. the server should pick up and deliver mails from a mailbox at gmail (with fetchmail) too
I wrote in the thread above that I don't have the problem in all networks.
ether 1 is wan , that's right. behind ether2 are some servers. and ether3 is the internal network where the clients are. from the internal network, access works with a mail client on the gmail server or the gmx server
it doesn't work from the network where the servers are located and that's my only problem. imap does not work only from this specific network. port 25 for the mail server works fine and other services too
the address google.de was wrong. correct is gmail.com
as I said it does not work only from this network area. not even from other servers that are still in there.
"However, if I try to tcptraceroute to any of Google's mailbox servers (pop, imap, ...), I can't seem to connect to any of them. I suspect that google implemented some kind of a very smart defense which also kicks in for such simple attempts as tcptraceroute. However, if the problem lies outside of your network, tcptraceroute should show at least some hops outside your network (your ISP and further)."
that is the reason why i took openssl for testing. From the network with the clients ok, from the network with the servers not ok
tcptraceroute imap.gmail.com 993
Selected device end0, address 192.168.3.2, port 56681 for outgoing packets
Tracing the path to imap.gmail.com (74.125.133.108) on TCP port 993 (imaps), 30 hops max
1 wo-in-f108.1e100.net (74.125.133.108) 0.297 ms 0.157 ms 0.140 ms
2 * * *
traceroute to imap.gmail.com (74.125.133.109), 30 hops max, 60 byte packets
1 192.168.3.254 (192.168.3.254) 0.218 ms 0.139 ms 0.131 ms
2 ip-078-094-020-025.um19.pools.vodafone-ip.de (78.94.20.25) 0.743 ms 0.856 ms 2.386 ms
3 * * *
4 ip-080-069-106-000.um20.pools.vodafone-ip.de (80.69.106.0) 21.822 ms 20.303 ms 21.633 ms
5 de-bom01a-rd04-ae-0-0.aorta.net (84.116.196.90) 28.993 ms 28.942 ms 30.473 ms
6 * * *
7 de-bfe18a-rt01-lag-1.aorta.net (84.116.190.34) 27.983 ms 29.686 ms 29.522 ms
8 74.125.48.122 (74.125.48.122) 32.318 ms 28.922 ms 30.478 ms
9 * * *
10 142.251.64.184 (142.251.64.184) 26.372 ms 108.170.252.65 (108.170.252.65) 16.813 ms 172.253.66.136 (172.253.66.136) 21.085 ms
11 108.170.252.18 (108.170.252.18) 23.724 ms 108.170.252.83 (108.170.252.83) 27.637 ms 108.170.251.144 (108.170.251.144) 23.263 ms
12 72.14.239.167 (72.14.239.167) 24.414 ms 209.85.240.113 (209.85.240.113) 24.521 ms 209.85.242.79 (209.85.242.79) 20.398 ms
13 142.251.79.28 (142.251.79.28) 27.231 ms 37.625 ms 142.251.78.252 (142.251.78.252) 37.333 ms
14 142.251.71.167 (142.251.71.167) 31.118 ms 142.251.79.8 (142.251.79.
33.683 ms 66.249.94.140 (66.249.94.140) 33.348 ms
15 209.85.241.61 (209.85.241.61) 26.688 ms 209.85.241.237 (209.85.241.237) 28.371 ms 27.834 ms
16 * * *