Before you go off and do this, you might want to consider using RPC over HTTP (aka "Outlook Anywhere"). This gateways the MSRPC protocol over HTTP (or HTTPS) and might make life easier for you re: forwarding this traffic through the firewall.
Here are the server-side instructions for statically assigning ports: http://support.microsoft.com/kb/270836
You would be making this change only on the Exchange Server computer(s) that the Outlook clients would be talking to. The change will require a "bounce" of the Exchange services but should not require a reboot of Windows.
Have a look at this article re: RPC over HTTP: http://support.microsoft.com/kb/833401
You'll like RPC over HTTP better, I think, and it's more "supported".
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 10.10.1.0/24 \
--dport 12345 -j DNAT --to-destination 123.123.123.123:12345
Locally generated traffic will never pass through the PREROUTING chain. You can verify this by adding a rule like this:
iptables -t nat -A PREROUTING -m limit --limit 1/s -j LOG
If you're not familiar with iptables, the above rule means:
- Log (at a maximum rate of 1 message/second) any packets traversing the PREROUTING chain.
Watch your log files while you make outbound connections, and you'll see that nothing is passing through this chain. The PREROUTING chain only comes into play for traffic coming into your system from an outside source.
You might think you could do this in the OUTPUT chain:
iptables -t nat -A OUTPUT ... -j DNAT ...
But by the time a packet hits the OUTPUT chain the routing decision has already been made. You can probably get what you want by using a REDIRECT rule in the OUTPUT chain and then running a tcp proxy on a local port that redirects connections to your destination. That is, you can add a rule like this:
iptables -t nat -A OUTPUT -p tcp -d 10.10.1.0/24 --dport 12345 \
-j REDIRECT --to-ports 12345
And then run a tcp proxy locally on port 12345.
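The REDIRECT rule above only works if something is actually listening on the local port, so here is an added minimal tcp proxy in Python (not part of the answer above) that forwards every accepted connection to a fixed destination. The echo server it talks to is a constructed stand-in for the real destination, and port 0 replaces the answer's 12345 so the demo runs offline without any iptables rules.

```python
import contextlib
import socket
import threading

def pipe(src, dst):
    # Copy src -> dst until EOF, then half-close dst so the peer sees EOF too.
    try:
        for chunk in iter(lambda: src.recv(4096), b""):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        with contextlib.suppress(OSError):
            dst.shutdown(socket.SHUT_WR)

def handle(client, target):
    # One proxied connection: splice client <-> real destination (host, port).
    upstream = socket.create_connection(target)
    back = threading.Thread(target=pipe, args=(upstream, client), daemon=True)
    back.start()
    pipe(client, upstream)  # returns once the client has finished sending
    back.join()
    upstream.close()
    client.close()

def serve(listen, on_accept):
    # Bind + listen, hand every accepted socket to on_accept in its own thread.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen)
    srv.listen(16)
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=on_accept, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()  # (host, port) actually bound; useful with port 0

def demo(payload):
    # Constructed stand-in for the real destination: a one-shot echo service.
    target = serve(("127.0.0.1", 0), lambda conn: pipe(conn, conn))
    # The local proxy the REDIRECT rule points at; port 0 lets the OS pick one.
    proxy = serve(("127.0.0.1", 0), lambda conn: handle(conn, target))
    with socket.create_connection(proxy) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)  # our EOF travels through the proxy
        return b"".join(iter(lambda: c.recv(4096), b""))

if __name__ == "__main__":
    print(demo(b"hello through the proxy"))
```

In the real setup you would call serve(("127.0.0.1", 12345), lambda conn: handle(conn, (remote_host, 12345))) with the destination the REDIRECT rule took the traffic away from.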
Best Answer
I don't know of any way to do this short of modifying the source code, and even then, Firefox may be calling closed netcode on Windows (i.e., it might be using Visual C++ libraries).
I'm confused why you'd want to do this. Most firewalls have different rules for outgoing and incoming connections, and limiting outgoing ports is quite unusual as they're listening only for traffic from a specific TCP session. Destination ports are much more security sensitive as they are open and listening with no established sessions.