Only allow port 25 traffic through specific IPs
-
I'm wondering how I can configure my pfSense box to ONLY allow traffic through port 25 on two specific IP addresses. This is do-able with pfSense right?
-
You mean outbound to the internet from your IPs inside, or from outside (internet) to something behind pfSense?
-
Yes, doable. Assuming you mean outbound SMTP, create an alias with the IP you wish to allow, then create a LAN rule permitting the alias to any on port 25. Add a rule after it to block SMTP from the LAN subnet to any on port 25.
-
This one additionally sends SMTP traffic out a specific gateway since outbound TCP/25 is blocked by the ISP on the other connection
-
I'm looking to lock down the network in regards to port 25. I have an Exchange server running behind the firewall with all ports open. I mean outbound port 25. I only want the mail server to be able to communicate over port 25.
-
Do what dotdash said.
-
What dotdash did would allow it on 25 and stop others from talking on 25, but it sounds like he only wants his Exchange server to talk on 25. So it needs no other internet access? No Windows updates, antivirus, etc.? It has no need to talk to anything on the internet other than on 25?
How does it look up the mail servers it's going to send email to? Does it ask your pfSense for DNS?
You're going to need to create rules that allow it to talk to pfSense for DNS (or how would it look up the MX records?), or to some other DNS. Then create a rule that allows it out on TCP 25 only. Then under that create a block rule for any/any for its IP.
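The rule set the two answers above describe (dotdash's allow/block pair plus johnpoz's DNS exception and per-host block), written out as an added example in pf rule syntax, which is what pfSense compiles its GUI rules into. This is not from the thread or from the pfSense project; the interface name, subnet, pfSense LAN address and mail server address are constructed placeholders, and the rules assume the default pfSense behaviour of evaluating interface rules top to bottom with the first match winning (`quick`).

```pf
# Constructed values for the example: LAN interface em1, LAN subnet
# 192.168.1.0/24, pfSense LAN address 192.168.1.1, Exchange server 192.168.1.25.
lan_if  = "em1"
lan_net = "192.168.1.0/24"
pf_lan  = "192.168.1.1"

# The alias: hosts that are permitted to send outbound SMTP.
table <mailservers> { 192.168.1.25 }

# Order matters: each rule is "quick", so the first match decides the packet.

# 1. The mail server may query pfSense's DNS resolver (it needs this to look
#    up MX records before it can deliver anything on TCP/25).
pass in quick on $lan_if proto { tcp, udp } from <mailservers> to $pf_lan port 53

# 2. The mail server may send outbound SMTP to anywhere.
pass in quick on $lan_if proto tcp from <mailservers> to any port 25

# 3. Everything else from the mail server is dropped (the "any/any" block for
#    its IP), so it has no other internet access.
block in quick on $lan_if from <mailservers> to any

# 4. No other LAN host may talk SMTP to the internet; this sits above the usual
#    "LAN to any" allow rule so it is matched first.
block in quick on $lan_if proto tcp from $lan_net to any port 25

# (the existing default "pass from $lan_net to any" rule would follow here)
```

If the rules were entered in a different order, for instance with the general LAN allow rule above rule 4, the SMTP block would never be reached; in the pfSense GUI the same applies, since rules on an interface tab are matched top down and the first match wins.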