Hi
You can make exceptions like
rule 10 {
match {
destination-address 0.0.0.0/0;
destination-port 500;
}
then {
destination-nat off;
}
}
And another rule for port 259. This rules should be at the top of the list, before your general rule.
Please tell me if this solves your problem.