Assistance in blocking SMTP in LAN
-
I might move the 192.168.1.0 and 192.168.2.0 in the 192.168.0.0 network since they have low client count and normally theyre being used in mobile phones. :)
But for the block and pass rule, did we do it right? :)
Yeah all networks are in /24
-
Yes - Its done correctly I think (says the tired man doing 5 things at once)
I like your setup as it is. I wouldn't change it.
Except, you need to put the block rule (just the block rule) on the other 2 interfaces.
Want to do that now? Its easy. Just make sure its above the pass rule.
-
Thanks kejianshi for providing me assistance. I'm really new to this firewall. I might mess it up if I had a wrong configuration. :-) I'm having a problem that one of the client is sending spam to the Internet that causes us to be in RBL and low IP reputation. I hope I did it right.
-
Well, after you make this rule, look at your firewall logs for SMTP port 25 blocked.
Then you will know which of your computers PROBABLY has a spamming virus/trojan and wipe it and reinstall its OS.
The IP will be in the firewall logs.You can then go to the computers, open command prompt and type "ipconfig" for windows or "ifconfig" for linux and check the computer's IP
Do that till you find the one that matches the IP being blocked in the firewall logs.
Don't forget to put the block rule on the interfaces for 192.168.1.0/24 and interface for 192.168.2.0/24 also.
Wireless clients can spam just as well as wired clients, better sometimes if someone nearby your office is stealing your WIFI.
-
Yes.. At the moment I'm looking at the logs on our firewall and found 1 machine that is infected… Over time mode.. :-) thanks again.. You're a big help.