4. Firewall rules for email (SMTP/S,POP3)

Firewall rules for email (SMTP/S,POP3)

  • I

    hello,

    im having problem with firewall rulings with regards to email ports… i blocked all ports and managed to get port 80 (http) to pass, but when i set the ports for email (110,465,25) it cant connect to the mail server... bellow are the rules i set:
    Status                Proto          Source        Port              Destination        Port            Gateway
    pass(disabled)      *                LAN net      *                  *                    *                  *
    block                  *                LAN net      *                  WAN address    *                  *
    pass                  TCP            LAN net      80 (HTTP)      WAN address    80 (HTTP)      *
    pass                  TCP/UDP      LAN net        110 (POP3)      WAN address    110 (POP3)      *
    pass                  TCP            LAN net        465 (SMTP/S)  WAN address    465 (SMTP/S)  *
    pass                  TCP            LAN net        25 (SMTP)        WAN address    25 (SMTP)      *

    if you'll notice, i've disabled the first rule (the default rule), and immediately set to block all ports (2nd rule), followed by the ports that i want to pass thru (succeeding rules)… so far, the only rule working is in port 80 (http), but email ports are not passing thru...

    based from what i read from the forums, rules are applied sequencially based on what is set first... i tried to re-shuffle the rules and setting the "block" rule at the end of the set, but i still cant get it to work...

    any tips or info regarding this is very much appreciated...

    TIA guys :)

    allison

    0

  • Delete your first two rules (the disabled pass and the block rule).
    Also set the "source port" to *
    When a connection is initiated , the source port is something completly ramdom between 1024 and 65535.
    (see my sig ;) )

    0
  • I

    hello again…

    thanx for the immediate reply to my post... :)

    i did as u instructed, removed the first two rules and set the source ports to "*", but emails still cant pass thru...

    wat else could i be missing out here...???

    thanks again :)

    allison

    0
  • P

    If you only use the default rule does it work then?

    http://doc.m0n0.ch/handbook/examples.html
    might help you out?

    0
  • I

    hi Perry,

    thanx for ur reply… yes, it works when i restore the default firewall rule... but then again, by doing so all ports will be open... is there any other work around for this...???

    thanks again :)

    0
  • D

    Also may be pass tcp DNS and all ICMP ?
    Can you telnet from lan to any mail-server by ip on 25 and 110 port's?
    (For example from windows cmd 'telnet ip-mail-server 110')

    0
  • I

    unfortunately, i cant telnet to the mail server on either ports 25 and 110… i can do so when i set the default rule again...

    0
  • C

    You've got the rules listing the destination as the WAN IP of the pfsense host.  I assume this isn't what you want.  Either set it to any, or specify the remote server IP.

    0
  • P

    Cry Havok beat me to it :D

    Read 14.1.4 and 14.1.5 in mono doc

    0
  • D

    pass      TCP/UDP      LAN net        110 (POP3)      WAN address    110 (POP3)      *
    pass      TCP/UDP      LAN net        *    *    110 (POP3)      *

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy