---------- quoting Ludo Stellingwerff ---------- > You could try to SNAT the specific traffic to the LAN address of the > firewall. > > Like: $IPTABLES -t nat -A POSTROUTING -o $LAN_NIC -p tcp --dport 25 -d > 192.168.120.10 -j SNAT --to-source $LOCAL_LAN_ADDRESS > (a very insecure setup, switch it off afterwards!) > > This will give you the possibility to rule-out accesscontrol issues in > exchange. If still doesn't work it's more likely to be a netfilter > problem, if it does work it's more likely an Exchange trouble. Yep indeed, when I use your rule after my DNAT rule, I _can_ connect to Exchange server, so it seems this is the problem. Exchange server is not under my control, but now I know where to continue... Thanks a lot for your help, Ludo! Greetings, Matthias -- Donuts. Is there anything they can't do? -- Homer Simpson Marge vs. the Monorail
