With it disabled, I see the POP3 traffic NAT'd when sniffing the WAN external interface. The UTM machine is named "remote" here. Note that the packets are from the UTM's public IP to the POP server.
[FONT="Courier New"]20:41:12.404346 IP remote.50607 > mail.example.com.pop3: Flags [FP.], seq 1627:1664, ack 145726, win 6103, options [nop,nop,TS val 38387927 ecr 180429119], length 37
20:41:12.429768 IP mail.example.com.pop3 > remote.50607: Flags [.], ack 1665, win 6043, options [nop,nop,TS val 180429249 ecr 38387926], length 0
20:41:12.642916 IP mail.example.com.pop3 > remote.50607: Flags [P.], seq 145726:145827, ack 1665, win 6043, options [nop,nop,TS val 180429462 ecr 38387926], length 101
20:41:12.644826 IP mail.example.com.pop3 > remote.50607: Flags [R.], seq 145827, ack 1665, win 6043, length 0
20:41:12.649126 IP remote.50607 > mail.example.com.pop3: Flags [R], seq 2241303561, win 0, length 0[/FONT]
When I enable the POP3 proxy, I now see the following with the same sniffer.
[FONT="Courier New"]20:43:22.231152 IP 10.10.0.101.43689 > mail.example.com.pop3: Flags [R], seq 2289853176, win 0, length 0
20:43:22.231627 IP 10.10.0.101.43689 > mail.example.com.pop3: Flags [R], seq 2289853176, win 0, length 0[/FONT]
WTF? That's the IP of the client on the internal network seen in packets on the external interface un-NAT'ed. Seems something is very wrong.
This thread was automatically locked due to age.