>>> picosecond.com. 86400 IN MX 20 mail.picosecond.com.
>>> picosecond.com 86400 IN MX 10 web.picosecond.com.
>>> web.picosecond.com 86400 IN A 220.127.116.11
>>> mail.picosecond.com. 86400 IN A 18.104.22.168
>>> above mail servers have an internal address of 192.168.1.55 and
>>> 192.168.160 respectively.
>> External port range from: SMTP
>> to: SMTP
>> NAT IP: 192.168.1.55
>> Local port: SMTP
>> Description: SMTP to Web
> Thats Wrong! The External port must not be set to SMTP, because
> TCP connection by a normal computer has a starting port of > 1024 !
> leave this free!
A NAT rule is different than the firewall rule. The NAT rule defines
what external port is forwarded to what internal port. The NAT rules I
described specify that port 25 on public IP x will be forwarded to
port 25 on private IP y.
Firewall rules allow or disallow traffic based on source (IP and/or
port) and/or destination (IP and/or port). The firewall rule that will
be automatically created (if the auto-create checkbox is checked) will
have the correct source IP of "any" and port of "any". The destination
of the firewall rule will be the private IP and port 25. (The
auto-created rules will also have NAT in the beginning of the
Theoretically, if you define a NAT rule with a external port of ANY
and allow a firewall rule to be created you will be opening that
private IP to the world on all ports. (Not a best practice...)
James W. McKeand