How to use NAT/Basic Firewall from Routing and Remote Access in the VPN to block port 25 for workstations but Exchange

  • Question

  • We have an Exchange Server 2000 and we are on a few blacklists.  To prevent this from happening again, I would like to block outbound port 25 traffic from the workstations, but obviously I would still like to be able to send out mail through our Exchange server. We have a Windows 2003 Server as a VPN between the Netopia Model 4522 T1 Router and the LAN. The VPN has 2 interfaces: the public one facing the router, and the private one facing the LAN. I’ve tried all the possible ways to block/allow traffic through port 25, but I end up either blocking all the traffic or nothing. I believe the problem is that there is no way for the Netopia to know what private IP from the LAN is sending: the Exchange or a PC. Therefore, I thought to use NAT/Basic Firewall from Routing and Remote Access in the VPN. How can we configure it to do this?

    Thanks in advance!

    Thursday, January 7, 2010 12:06 AM

Answers

  • Hello,

    Thank you for your post here.

    From the description, you want to allow only port 25 traffic from the Exchange server.

    It seems that you have the network such as:

    Internet
       |
    Netopia Model 4522 T1 Router (NAT router)
       |
    Windows Server 2003 RRAS server (router)
       |
    LAN

    Please understand that RRAS cannot know whether the port 25 traffic came from a client computer or the Exchange server either. To block all port 25 traffic from the internal network except from the Exchange server, you may consider creating ACLs/filters to explicitly allow port 25 traffic only from the Exchange server.

     

    If you have any questions or concerns, please do not hesitate to let us know.

     

    • Marked as answer by Miles Li Wednesday, January 13, 2010 8:51 AM
    Friday, January 8, 2010 2:47 AM
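
The filter approach suggested in the answer, worked through as an added example that is not part of the original thread: it computes the source network/mask entries that cover every LAN address except the mail server, so that TCP destination port 25 is dropped for workstations only. It assumes the filter list on the LAN-facing interface applies one action to all of its entries (forward everything except matches); the subnet 192.168.1.0/24 and the Exchange address 192.168.1.10 are constructed sample values.

```python
import ipaddress

SMTP_PORT = 25

def workstation_blocks(lan, mail_server):
    """Networks that together cover every address in `lan` except `mail_server`."""
    lan_net = ipaddress.ip_network(lan)
    host = ipaddress.ip_network(mail_server)  # a bare address parses as a /32
    if not host.subnet_of(lan_net):
        raise ValueError(f"{mail_server} is not inside {lan}")
    # address_exclude() splits the LAN into the minimal set of CIDR blocks
    # that leave out exactly the mail server's address.
    return sorted(lan_net.address_exclude(host))

def drop_entries(lan, mail_server):
    """One filter entry per block: (source network, source mask, protocol, dst port)."""
    return [
        (str(net.network_address), str(net.netmask), "TCP", SMTP_PORT)
        for net in workstation_blocks(lan, mail_server)
    ]

def is_dropped(src_ip, dst_port, entries):
    """True if an outbound TCP packet from src_ip to dst_port matches a drop entry."""
    addr = ipaddress.ip_address(src_ip)
    return any(
        dst_port == port and addr in ipaddress.ip_network(f"{net}/{mask}")
        for net, mask, _proto, port in entries
    )

if __name__ == "__main__":
    # Constructed sample values (assumptions, not taken from the thread).
    entries = drop_entries("192.168.1.0/24", "192.168.1.10")
    for net, mask, proto, port in entries:
        print(f"drop  src {net:<15} mask {mask:<15} {proto} dst port {port}")
    for src, port in [("192.168.1.10", 25), ("192.168.1.57", 25), ("192.168.1.57", 80)]:
        verdict = "dropped" if is_dropped(src, port, entries) else "forwarded"
        print(f"{src} -> port {port}: {verdict}")
```

A /24 with one excluded host produces eight entries; re-run the calculation whenever the mail server's address changes, since a stale entry list would either block the server or leave one workstation address open.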