Allow only some WAN IPs access through port 25
-
Thanks Derelict.
Yes, you're right, I did get clicky on the advanced button, but I also did that when I used the any rule.
So does that explain why my rule didn't work?
-
Certainly doesn't help. Leaving the source port set to any is also in the list of port forward troubleshooting steps.
It shouldn't work with source addresses limited by the alias or with source addresses set to any unless your spam filter provider guarantees that their source port will always be 25, which seems like it would complicate things for them unnecessarily.
-
The spam filter provider gave me 2 IPs, both on port 25. Those also came with login information, so I guess it's always on that port.
The case I was talking about, where it didn't work, was an application on a remote host that needed access on port xxxx for a license on a license server on the LAN. I haven't tried to use a host address with my mail server yet, as I would ask here before risking downtime.
-
Source port is pretty much never specified. I think you're misreading whatever it is they sent you.
-
I am pretty sure, but I better read it again then.
And when looking into it I can see that I added the rule I was talking about in the NAT tab, where I did put the remote host in the destination field, not under source; then pfSense did add the filter rules for me. Sorry about that. But I did still have to use any for it to work. Did I add the rule wrong, or do you think that it was because I also added the port number under destination?
-
I can't understand what you're saying. Sorry.
The destination address for a port forward is almost always your WAN address. If you put the source addresses in there, yes, that's wrong and would keep it from working.
If it didn't work you did it wrong. ;)
-
I did it like in the picture in the attachment and that did work, but if I change any to the IP of the remote host it doesn't work.
-
Destination should be WAN address
-
Where did you get that picture? Dest is almost NEVER any in a port forward. It would be your WAN address.
I would be like 99.9999% sure they are not using 25 as their source port either. Your rule should look just like my rule posted, other than your source IPs in your alias and dest of 25.
-
The picture is a screenshot from another pfSense firewall that I have taken over from my boss. He said the rules should be that way, so that is what I have been doing since. :-[
I guess the reason it is working is because the WAN address is an address in the any range and source defaults to any.
I can see that on yet another firewall I did put destination to WAN address. :-X
I have updated the firewall and downtime was about 5 minutes. I will of course update the firewall rules to be:
source = any if host IP is unknown (https/ftp client…), host or alias if host IP is known (spam filter), and if I know the IP and port I will try host and alias and the port number first, and if it is not working I will change ports to any (remote app)
destination = always WAN IP and port of service (https 443 I will call it something like 88444)
redirect = LAN host IP and port of the service
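
The matching behaviour discussed in this thread, as an added example that is not part of any post: a simplified Python model of how a port forward's source, source port, destination and destination port fields are compared against a packet. It is not pfSense code, and all addresses (WAN, spam filter, mail server) are constructed values from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

ANY = None  # wildcard, like "any" in the port forward form

@dataclass
class PortForward:
    src: object       # list of allowed source addresses/networks, or ANY
    src_port: object  # source port, or ANY
    dst: object       # destination address, or ANY
    dst_port: int     # destination port
    redirect: tuple   # (LAN host, port)

def translate(rule, src, sport, dst, dport):
    """Return the redirect target if the packet matches the rule, else None."""
    if rule.src is not ANY and not any(
            ipaddress.ip_address(src) in ipaddress.ip_network(n) for n in rule.src):
        return None
    if rule.src_port is not ANY and sport != rule.src_port:
        return None
    if rule.dst is not ANY and dst != rule.dst:
        return None
    return rule.redirect if dport == rule.dst_port else None

# Constructed values (documentation address ranges), not from the thread.
WAN = "203.0.113.10"
SPAM_FILTER = ["198.51.100.20", "198.51.100.21"]
MAIL = ("192.168.1.25", 25)

recommended = PortForward(SPAM_FILTER, ANY, WAN, 25, MAIL)
src_port_25 = PortForward(SPAM_FILTER, 25, WAN, 25, MAIL)
dst_any = PortForward(ANY, ANY, ANY, 25, MAIL)

# A delivery from the filter: the client side uses an ephemeral source port.
delivery = ("198.51.100.20", 49152, WAN, 25)
# An unrelated host trying the same port.
stranger = ("192.0.2.77", 50123, WAN, 25)
# Traffic on port 25 addressed to something other than the WAN address.
not_for_us = ("192.0.2.77", 50123, "203.0.113.99", 25)

def report():
    rules = {"recommended": recommended, "src_port_25": src_port_25, "dst_any": dst_any}
    pkts = {"delivery": delivery, "stranger": stranger, "not_for_us": not_for_us}
    return {(r, p): translate(rule, *pkt) for r, rule in rules.items() for p, pkt in pkts.items()}

if __name__ == "__main__":
    for key, target in report().items():
        print(key, "->", target)
```

The source-port-25 rule never matches the filter's delivery because the connecting side picks an ephemeral port, while the any/any rule "works" only because it matches everything, including hosts outside the alias.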