Endian Destination NAT

Posted by Ben Swinburne on Server Fault
Published on 2011-11-23T19:16:05Z Indexed on 2011/11/27 1:52 UTC

I have installed Endian Community Firewall 2.3 and am clearly misunderstanding/doing something wrong with it. I'm trying to create some destination NAT rules to allow incoming connections to various services within the network.

  • Router - RED I/F - x.x.x.x
  • Router - GREEN I/F - 192.168.11.253
  • ECF - RED I/F - 192.168.11.254/24
  • ECF - GREEN I/F - 192.168.12.254/24
  • Target server - 192.168.12.1

Please ignore the haphazard choice of subnets and addresses - I'm trying to quickly plop Endian into an existing network before a complete rework in 6-12 months so for now.

Everything works except destination NAT, so outgoing connections are fine, the routes between the two subnets are OK etc.

I want to create various incoming NATs but let's take for the sake of argument, SMTP port 25 from the Internet to Target server 192.168.12.1.

I've tried almost every combination of options in the Destination NAT section to achieve this and clearly am doing something wrong. I suspect my confusion must be somewhere in the Access From and/or Target section.

The rest seems OK:

Filter Policy = Allow
Service = SMTP
Protocol = TCP
Port = 25
Translate to type = IP
DNAT Policy = NAT
Insert IP = 192.168.12.1
Port Range = 25
Enabled = Checked
Position = First

I can't work out what I'm doing wrong, or am I doing it right and it's just not working!?

Any help would be greatly appreciated.
