PFsense 2.2.2 pop3

NOYB

From that same client…

1. Can the POP3 server name be resolved to IP address?  nslookup mail.mi-synergy.com
2. Can the POP3 server be pinged?  ping mail.mi-synergy.com
3. Can the POP3 server be connected to on port 110?  telnet mail.mi-synergy.com 110

If the client is Windows 8, the telnet client may not be active by default.  To activate it go to Control Panel - Programs - Turn Windows Features on or off.  Once there find Telnet Client.

damithudayangakumara

From that same client POP3 server name can't resolved ,can't ping and can't telnet. but i can browse the internet…
when disconnect LAN and plug a usb dongle i can send and receive mails..

doktornotor

You need to allow UDP for DNS to work. You need to allow ICMP to ping. The last LAN rule should be ANY as protocol, not TCP!

damithudayangakumara

At this moment i can't add any rules for pfsense because now our working hours.  i'll informed you after i adding that rules
thank you doktornotor,

Gertjan

@doktornotor:

You need to allow UDP for DNS to work. You need to allow ICMP to ping. The last LAN rule should be ANY as protocol, not TCP!

Good shot !
DNS is completely out - ping also.
I wonder what the meaning is of that "TCP only rule" (except break an Internet connection).

@damithudayangakumara : you blocked the web GUI access, are you using https ? Do you have people on your LAN that you do NOT trust ?

doktornotor

@Gertjan:

I wonder what the meaning is of that "TCP only rule" (except break an Internet connection).

I think it has no meaning, except for being poorly chosen default for new rules for some reason which users forget to change.

damithudayangakumara

@Gertjan:

@doktornotor:

You need to allow UDP for DNS to work. You need to allow ICMP to ping. The last LAN rule should be ANY as protocol, not TCP!

Good shot !
DNS is completely out - ping also.
I wonder what the meaning is of that "TCP only rule" (except break an Internet connection).

@damithudayangakumara : you blocked the web GUI access, are you using https ? Do you have people on your LAN that you do NOT trust ?

no i want to monitor what are they access and there usages..

damithudayangakumara

@doktornotor:

You need to allow UDP for DNS to work. You need to allow ICMP to ping. The last LAN rule should be ANY as protocol, not TCP!

after adding this  "IPv4  *    *  *  *  *  *  none"
guys pop3 error has been solved..

thank you all …

doktornotor

You just need the second rule. That TCP/UDP and ICMP one is completely redundant when you have the (default) allow all on top of them.

stephenw10

I'll just point out that your WAN side rules are similarly flawed.
Your NAT rules to allow IPSec traffic to a server at 192.168.0.9 will not pass the required UDP traffic.

Steve