Hi,
I have a monowall 1.3b13 machine that I am using at work. I was using a sonicwall until 09.35 this morning when the power supply went pop. I'm very impressed with monowall, but have a problem.
I have my generic Internet access connectivity working for the users and most servers. The problem I am having is our email server - an old MS Exchange 5.5 machine (I know, I know). We use Message Labs to filter our email, so we have a vast selection of network ranges defined on the monowall that we can receive from (messagelabs to dst 25/tcp on our email server) and send to (email server src 25/tcp to messagelabs). This connection is also NATed as our email server has an internal address. I have configured this with an inbound NAT rule using a server NAT IP address. Automatic outbound rules are being used.
We appear to be receiving email fine (though I have no way of telling if this is intermittent; the email server is locked down to only receive from Message Labs hosts, so I can't test from anywhere else) but the send is intermittent. For testing, I've tried telnetting to port 25 on the upstream SMTP server configured in Exchange. When it fails, I get a connection refused message on the client end and the attempt shows up in the firewall logs as being denied. The problem is, I don't see why it's being denied! I have defined the 10 EMEA network ranges that Message Labs uses as aliases in monowall. Then on the LAN interface rule base, I have created 10 rules that allow tcp email_server port smtp to messagelabsrange{01-10} port *. But the outbound connections are still being randomly denied by the firewall.
Any ideas / suggestions would be very gratefully received!
Jules.