Currently I am running out of ideas on how to correctly NAT internally connected IMAP clients to our internal mail server.
- IMAP client account with mail.domain.de over port 993 configured
- Masquerading: Internal (Network) -> External
- DNAT: Internet IPv4 -> IMAP SSL -> External (Address) --> internal IP mailserver (mail.internal.local)
- I made sure nothing of the IMAP traffic gets blocked by the firewall
- WLAN internal bridged to AP LAN

- IMAP connection works if the client connects from outside the internal network (e.g. WLAN at home)
- IMAP connection does NOT work if the client is connected via internal WLAN
- Running a tcpdump shows that the client establishes a connection to mail.domain.de but gets answers from mail.internal.local
So I tried to set up SNAT to change the answer from mail.internal.local to mail.domain.de and a DNAT to change the destination of internal requests from mail.domain.de to mail.internal.local.
- now it showed requests and answers to and from mail.domain.de
But still, the internally connected IMAP client can't connect to the mail server over 993.
Maybe someone is able to enlighten me here. :)
You need to add a full nat rule to allow for internal traffic to go back inside through the external interface.
- Traffic from: Internal network
- Going to: External (Address)
- Map source: Internal (Address)
- Map Destination: Internal IP mailserver
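The packet flow behind this answer, as an added example that is not part of the original thread: it traces one request and reply with DNAT only and with Full NAT, and shows why the client drops the reply in the first case. All IP addresses are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed addresses (assumptions, not taken from the thread).
CLIENT = "192.168.1.50"    # internal WLAN client
MAILSRV = "192.168.1.10"   # mail.internal.local
FW_INT = "192.168.1.1"     # firewall Internal (Address)
PUBLIC = "203.0.113.10"    # address mail.domain.de resolves to


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def hairpin(full_nat: bool):
    """Trace one request/reply; return (reply as seen by client, accepted?)."""
    request = Packet(CLIENT, PUBLIC)        # client connects to mail.domain.de

    # Firewall: DNAT rewrites the destination to the internal mail server.
    natted = replace(request, dst=MAILSRV)
    if full_nat:
        # Full NAT additionally rewrites the source to the firewall itself.
        natted = replace(natted, src=FW_INT)

    # The server answers whatever source address it saw.
    reply = Packet(MAILSRV, natted.src)

    # Only a reply addressed to the firewall passes back through it, where
    # connection tracking reverses both translations. A reply addressed to a
    # client on the same subnet is delivered directly on the LAN, untranslated.
    if reply.dst == FW_INT:
        reply = Packet(PUBLIC, CLIENT)

    # The client only accepts a reply from the address it connected to.
    accepted = reply.src == request.dst and reply.dst == request.src
    return reply, accepted


if __name__ == "__main__":
    for mode in (False, True):
        reply, ok = hairpin(mode)
        label = "Full NAT" if mode else "DNAT only"
        print(f"{label:9}: reply {reply.src} -> {reply.dst}, accepted={ok}")
```

With Full NAT the mail server sees the firewall's internal address as the source of every internal client connection, which matters for per-client logging or rate limiting on the server.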
In reply to apijnappels:
Thank you very much. Although I forgot to mention that our public IP address does not run on the external interface of the SG, your Full NAT suggestion was correct. I just had to change the "going to" to the public IP address.
In reply to Philipp N.:
You might also be interested in Accessing Internal or DMZ Webserver from Internal Network.
Cheers - Bob
Instead of this, use the recommendation of Bob.
Read the article to use DNS and DNS hostnames.
It will resolve all other problems you may have.