Cisco - Transparent Router (Brouter) and port forward?

[Karandras]

Hey,

So I have a client that has no firewalls in front of their servers is colo. It's a couple a plesk servers so needing specific ports open. On these servers there are already static IPs assigned so I wanted to drop an extra c1811 I have here in place. I setup the bridged mode between fa0 and vlan1. That works. But right when I thought all was well I was trying to figure out how to get port forwarding going. I need to forward all port 25 traffic to their barracuda spam 300 for scrubbing.

The only way I've ever tried to do port forwarding is through NAT(PAT) is there another way, or some way I can set this up to not have to adjust the IPs on the servers since those are in use by customers?

Thanks,

 

[AeonF1]

I would create a DNS entry for the Barracuda's IP and then update your MX records so it points to the Barracuda, which will then forward mail (after scanning) to the respective domain's mail server.

Unless I'm wrong here and that senders aren't doing a DNS lookup and are strictly sending mail to a set IP address which isn't really a normal setup.

 

[mwarps]

Always goes to MX.

If the servers are publicly addressed, AeonF1's thought will work.

 

[Karandras]

So it's not recommended to forward all port 25 traffic to the barracuda but rather use DNS (MX) to point to the barracuda.

Sounds good to me. Don't have to worry too much about the port forwarding then.

Thanks!

 

[austeze]

You could always policy route the traffic as well: http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpbr.html