Traffic Rules for a Kerio Connect behind a NAT (They don't behave as expected.)

benjalamelami

I have two rules:

Source - Destination - Services - Action
KC IP - Internet - KC Services - Allow
Internet - KC IP - KC Services - Allow


But as soon as I put it, all traffic outbound from KC IP is negated. So, I took the outgoing traffic out, and gave the server a username.

But I need to strictly block all SMTP traffic from the LAN side, except for the mail server.

I have several subnets and VPN connections, and thus I want a simple rule to block all traffic from the subnet, unless it's the server.

UnifiedTechs-Brian

You didn't include the translation section in your rules list, and I think that's where your issue lies. The following 3 rules will, in order:
1. Allow and Map incoming KC services to KC Server
2. Allow outgoing SMTP from KC Server
3. Block all other SMTP traffic from any other device on all subnets.

Source - Destination - Services - Action - Translation
1. Any - "Public IP" - KC Services - Allow - MAP "KC IP"
2. "KC IP" - Internet Interfaces - SMTP - Allow - NAT
3. Any - Internet Interfaces - SMTP - Deny - (BLANK)


To block only devices on a specific subnet, change the last line Source to a host with the subnet's info:
Source - Destination - Services - Action - Translation
3. X.X.X.X/XX - Internet Interfaces - SMTP - Deny - (BLANK)

- Brian
Kerio Preferred Partner, Reseller & Hosting Provider
Unified Technology Solutions
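
An added example, not part of Brian's post or of Kerio's tooling: a small Python model of top-down, first-match rule evaluation applied to the three rules above, including the single-subnet variant of rule 3. The addresses, the port set behind "KC Services", the fourth general outbound rule and the default deny are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (documentation/private ranges), not from the thread.
PUBLIC_IP, KC_IP = "203.0.113.10", "192.168.1.25"
LAN_NETS = ["192.168.0.0/16", "10.0.0.0/8"]   # internal subnets and VPN ranges
KC_SERVICES = {25, 443, 465, 587, 993}        # assumed contents of "KC Services"
SMTP, ANY_PORT = {25}, range(1, 65536)

def any_host(ip): return True
def host(h): return lambda ip: ip == h
def subnet(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda ip: ipaddress.ip_address(ip) in net
def lan(ip): return any(subnet(n)(ip) for n in LAN_NETS)
def internet(ip): return not lan(ip)   # stands in for "Internet Interfaces"

# (source, destination, services, action, translation)
RULES = [
    (any_host, host(PUBLIC_IP), KC_SERVICES, "Allow", "MAP " + KC_IP),  # rule 1
    (host(KC_IP), internet, SMTP, "Allow", "NAT"),                      # rule 2
    (any_host, internet, SMTP, "Deny", None),                           # rule 3
    # Assumed general outbound rule, typical of a NAT firewall; not in the thread.
    (lan, internet, ANY_PORT, "Allow", "NAT"),
]

def evaluate(rules, src, dst, port):
    """Return (rule number, action, translation) for the first rule that matches."""
    for number, (s, d, services, action, xlate) in enumerate(rules, 1):
        if s(src) and d(dst) and port in services:
            return number, action, xlate
    return None, "Deny", None   # nothing matched: modelled as default deny

def with_rule3_source(source):
    """Variant from the reply: rule 3 limited to one subnet instead of Any."""
    rules = list(RULES)
    rules[2] = (source, internet, SMTP, "Deny", None)
    return rules

if __name__ == "__main__":
    remote = "198.51.100.7"   # constructed Internet host
    for src, dst, port in [(remote, PUBLIC_IP, 25), (KC_IP, remote, 25),
                           ("192.168.1.50", remote, 25), ("10.8.0.4", remote, 25),
                           ("192.168.1.50", remote, 443)]:
        print(src, "->", dst, port, evaluate(RULES, src, dst, port))
```

Moving the Deny rule above rule 2 in this model blocks the mail server's own outbound SMTP, which is why the order of the three rules matters.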