
SMTP should also be reachable over VPN

Hi,

At the moment the internal smtpd on the UTM is running on all interfaces. I would like to restrict that to LAN and VPN, i.e. site-to-site VPN. In the SMTP interface configuration, however, I cannot see the Site2-Site. That makes sense, since there is no interface for it. If I restrict SMTPD to "Internal LAN", the remote server cannot connect. How do I solve this problem? For me, the most important thing is that SMTP no longer listens on the WAN interfaces.



  • Hello,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.)

    You're right that this cannot be done with an IPsec tunnel as the virtual IPsec NIC object was eliminated years ago.  You would need a RED tunnel or an SSL VPN site-to-site in order to do what you want.

    However, you could accomplish virtually 100% of what you want by using a blackhole DNAT for "Internet IPv4" just after a DNAT that permits SMTP traffic from your remote server's IP.  See #2 in Rulz (last updated 2021-02-16).

    Regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA