>
> The problem is that since your firewall is not stateful, it doesn't know
> whether an outgoing packet is one from a connection that IMail started (an
> outgoing connection), or one that a remote computer started (an incoming
> connection).
>
> For example, if I connect to your IMail server, my requests to you will
> come from port 1080 (a "random" number over 1024) to your port 25.  When I
> initially make the connection, a stateful firewall will see that I am
> connecting to your server, and it will let you send packets back to me to
> my port 1080.
>

Ah. I begin to understand the problem.

> However, on your firewall which isn't stateful, it just sees IMail trying
> to send a packet to port 1080.  Since it doesn't know that I started the
> connection, it thinks you are trying to connect to port 1080 on another
> computer, which you have not allowed.
>

Ah. I see. The firewall device has a section called Special Applications
which says the following....

"Some applications require multiple connections, like Internet games, Video
conferencing, Internet telephony and so on. Due to the firewall function,
these applications can not work with pure NAT router. Special Applications
makes some of these applications to work with NAT router. The settings are:

Trigger: the outbound port number issued by the application.
Incoming ports: when the trigger packet is detected, the inbound packets to
the specified port numbers are allowed to pass through the firewall. "


Although I don't quite understand this, might it help? Or are we on a
no-winner here because of the basic functionality of the device we're using?


> So it is impossible to do what you want (block certain types of outgoing
> traffic),

That's not strictly true as I can block or allow different outgoing ports
for different IP addresses on the network and I assumed it was just a case
of identifying which ports to allow the IMail server to use but no-go -
hence my asking for help.

Thanks for trying. The situation is better than it was but I guess I'm going
to have to look at a much more advanced system sometime in the future.

- Howard
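
The port 25 / port 1080 exchange discussed in this thread, as an added example that is not part of the original messages: a small Python model that runs the same packets through a per-packet (stateless) filter and through one that keeps a connection table. The addresses, the allowed-port sets and all function names are assumptions made for the illustration.

```python
from collections import namedtuple

# Constructed sample packets; addresses are documentation ranges (RFC 5737).
Packet = namedtuple("Packet", "direction src sport dst dport")

SERVER = "192.0.2.10"      # assumed address of the mail server behind the firewall
CLIENT = "198.51.100.7"    # assumed remote client

ALLOWED_OUT_DPORTS = {25, 53}   # assumed outbound destination ports the admin permits
ALLOWED_IN_DPORTS = {25}        # assumed inbound service published to the Internet


def stateless_allow(pkt):
    """Judge each packet alone, by direction and destination port only."""
    if pkt.direction == "in":
        return pkt.dport in ALLOWED_IN_DPORTS
    return pkt.dport in ALLOWED_OUT_DPORTS


class StatefulFirewall:
    """Same port rules, plus a table of connections already admitted.
    Simplified: no TCP flag tracking, timeouts or teardown."""

    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.connections or reverse in self.connections:
            return True                  # belongs to a connection already admitted
        if stateless_allow(pkt):         # new connection: apply the port rules
            self.connections.add(flow)
            return True
        return False


def run_scenario():
    """Return (stateless verdicts, stateful verdicts) for three packets."""
    packets = [
        Packet("in", CLIENT, 1080, SERVER, 25),     # client opens SMTP to the server
        Packet("out", SERVER, 25, CLIENT, 1080),    # server's reply to that client
        Packet("out", SERVER, 3000, CLIENT, 1080),  # server starting a new connection
    ]
    fw = StatefulFirewall()
    return ([stateless_allow(p) for p in packets], [fw.allow(p) for p in packets])


if __name__ == "__main__":
    print(run_scenario())
```

Both filters refuse the server-initiated connection to port 1080; only the stateless one also drops the reply to the client that connected first.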

