Firewall rules for email (SMTP/S,POP3)
-
hello,
im having problem with firewall rulings with regards to email ports… i blocked all ports and managed to get port 80 (http) to pass, but when i set the ports for email (110,465,25) it cant connect to the mail server... bellow are the rules i set:
Status Proto Source Port Destination Port Gateway
pass(disabled) * LAN net * * * *
block * LAN net * WAN address * *
pass TCP LAN net 80 (HTTP) WAN address 80 (HTTP) *
pass TCP/UDP LAN net 110 (POP3) WAN address 110 (POP3) *
pass TCP LAN net 465 (SMTP/S) WAN address 465 (SMTP/S) *
pass TCP LAN net 25 (SMTP) WAN address 25 (SMTP) *if you'll notice, i've disabled the first rule (the default rule), and immediately set to block all ports (2nd rule), followed by the ports that i want to pass thru (succeeding rules)… so far, the only rule working is in port 80 (http), but email ports are not passing thru...
based from what i read from the forums, rules are applied sequencially based on what is set first... i tried to re-shuffle the rules and setting the "block" rule at the end of the set, but i still cant get it to work...
any tips or info regarding this is very much appreciated...
TIA guys :)
allison
-
Delete your first two rules (the disabled pass and the block rule).
Also set the "source port" to *
When a connection is initiated , the source port is something completly ramdom between 1024 and 65535.
(see my sig ;) )
-
hello again…
thanx for the immediate reply to my post... :)
i did as u instructed, removed the first two rules and set the source ports to "*", but emails still cant pass thru...
wat else could i be missing out here...???
thanks again :)
allison
-
If you only use the default rule does it work then?
http://doc.m0n0.ch/handbook/examples.html
might help you out?
-
hi Perry,
thanx for ur reply… yes, it works when i restore the default firewall rule... but then again, by doing so all ports will be open... is there any other work around for this...???
thanks again :)
-
Also may be pass tcp DNS and all ICMP ?
Can you telnet from lan to any mail-server by ip on 25 and 110 port's?
(For example from windows cmd 'telnet ip-mail-server 110')
-
unfortunately, i cant telnet to the mail server on either ports 25 and 110… i can do so when i set the default rule again...
-
You've got the rules listing the destination as the WAN IP of the pfsense host. I assume this isn't what you want. Either set it to any, or specify the remote server IP.
-
Cry Havok beat me to it :D
Read 14.1.4 and 14.1.5 in mono doc
-
pass TCP/UDP LAN net 110 (POP3) WAN address 110 (POP3) *
pass TCP/UDP LAN net * * 110 (POP3) *
