Rules for unusual SMTP setup
I need to allow LAN to LAN SMTP while blocking LAN to WAN SMTP. I'm sure it's been discussed before, but I cannot seem to locate the scenario I have. Explanation below:
PFSense(2) ---- LAN2 10.0.46.xxx ---- #Mail Server(2) - Sends to Local WAN, AND over VPN to Mail Server1
    |                                 #Webserver - Can ONLY send to Anti Spam Appliance(1)
    |                                 #Anti Spam Appliance(2) (Incoming SMTP - Outgoing ONLY to Mail Server2)
 Internet
    |
 VPN PFSense to PFSense Over Internet
    |
 Internet
    |
PFSense(1) ---- LAN1 10.0.49.xxx ---- #Mail Server(1) - Sends to Local WAN and over VPN to Mail Server2.
                                      #Zabbix - Needs to send to Mail Server(1) and Mail Server(2)
                                      #Local Appliances - Needs to send to Mail Server(1) and Mail Server(2)
                                      #Anti Spam Appliance(2) (Incoming SMTP - Outgoing ONLY to Mail Server1)
                                      #Desktops - Block all SMTP to WAN
                                      #Webserver - Can ONLY send to Anti Spam Appliance(1)

The problem is blocking either LAN from sending to either WAN while allowing any device on either LAN to send to the other LAN.
I don't want to create a rule for each device on LAN1 to communicate to LAN2 and vice versa. These devices change frequently.

I've tried playing with the WAN Net / WAN Address blocking, but anything besides "ANY" doesn't seem to block LAN SMTP to WAN.

Outbound rule(s) I want to do in each pfSense:
Mailserver(x) ----> ANY Port 25 Allow
LAN Net ----------> WAN Net Port 25 Block

Unfortunately, this blocks nothing to WAN.

This set of rules causes SMTP traffic to be broken from LAN1 to LAN2:

Mailserver(x) ----> ANY Port 25 Allow
LAN Net ----------> ANY Port 25 Block

I want:

On PFSense1:
LAN1----25--->LAN2 Allow
L1Device--25->WAN1 Allow
LAN1----25--->WAN1 Block

On PFSense2:
LAN2----25--->LAN1 Allow
L2Device--25->WAN2 Allow
LAN2----25--->WAN2 Block

Any help would be much appreciated. Oh, both PFSense are 2.3.3_1.
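The first-match behaviour behind the two attempts above, as an added example that is not from the original post: a small Python model of how pfSense evaluates LAN-interface rules top-down on traffic entering from LAN hosts. The /24 masks for LAN1 and LAN2, the Mail Server(1) address 10.0.49.25 and the WAN subnet 203.0.113.0/29 are assumptions; the stock "Default allow LAN to any" rule is modelled as the fallback below the custom rules.

```python
import ipaddress

# Constructed topology. The two LAN prefixes follow the post (10.0.46.xxx, 10.0.49.xxx);
# the /24 masks, mail server host and WAN subnet are assumptions for this example.
ANY = ipaddress.ip_network("0.0.0.0/0")
LAN1 = ipaddress.ip_network("10.0.49.0/24")
LAN2 = ipaddress.ip_network("10.0.46.0/24")
WAN1_NET = ipaddress.ip_network("203.0.113.0/29")      # assumed PFSense(1) WAN subnet
MAILSERVER1 = ipaddress.ip_network("10.0.49.25/32")    # assumed Mail Server(1) address
SMTP = 25

def decide(rules, src, dst, dport, default="pass"):
    """First match wins, as pfSense evaluates LAN-interface rules on traffic
    entering from LAN hosts. `default` models the stock 'Default allow LAN to any'
    rule sitting below the custom rules."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, port in rules:
        if s in src_net and d in dst_net and port in (None, dport):
            return action
    return default

# Attempt 1 from the post: block LAN net -> WAN net on port 25.
# "WAN net" is only the WAN interface's own subnet, so Internet mail hosts never match.
ATTEMPT_WAN_NET = [
    ("pass", MAILSERVER1, ANY, SMTP),
    ("block", LAN1, WAN1_NET, SMTP),
]

# Attempt 2 from the post: block LAN net -> any on port 25.
# Traffic bound for LAN2 over the VPN also enters on LAN1, so it is blocked too.
ATTEMPT_ANY = [
    ("pass", MAILSERVER1, ANY, SMTP),
    ("block", LAN1, ANY, SMTP),
]

# Ordering that yields the wanted result: pass the remote LAN and the mail
# server explicitly above the catch-all block, without per-device rules.
FIXED = [
    ("pass", LAN1, LAN2, SMTP),
    ("pass", MAILSERVER1, ANY, SMTP),
    ("block", LAN1, ANY, SMTP),
]

if __name__ == "__main__":
    desktop, internet_mx, lan2_mail = "10.0.49.50", "198.51.100.10", "10.0.46.25"
    print("attempt 1, desktop -> Internet:25 ", decide(ATTEMPT_WAN_NET, desktop, internet_mx, SMTP))
    print("attempt 2, desktop -> LAN2:25     ", decide(ATTEMPT_ANY, desktop, lan2_mail, SMTP))
    print("fixed,     desktop -> Internet:25 ", decide(FIXED, desktop, internet_mx, SMTP))
    print("fixed,     desktop -> LAN2:25     ", decide(FIXED, desktop, lan2_mail, SMTP))
```

The same three rules, mirrored (LAN2 -> LAN1 pass, Mail Server(2) -> any pass, LAN2 -> any block), give the PFSense2 side.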