OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: mahescho on January 03, 2019, 10:49:33 am

Title: Rule Design
Post by: mahescho on January 03, 2019, 10:49:33 am
Hi,

in my setup I've multiple interfaces, VLANs and uplinks. I've a mail relay in a DMZ VLAN. The mail relay receives mails and forwards them to the internal mail server. So I've a rule which allows SMTP from the internet to the mail relay and one to allow SMTP from the mail relay to the internal server. For outgoing mail I've one rule to allow SMTP from the internal mail server to the mail relay. Pretty simple so far.

Now I need a rule which allows the mail relay to send mail to the internet but NOT to any other interfaces or VLANs. See my current SMTP rules attached. The first is the one to allow incoming mails but the second will IMHO allow SMTP to any destination even to hosts on other interfaces or VLANs.

What is best practice to design a rule or rule set to get this working as expected? An additional real mail relay on the firewall is no option as I want my mail relay to do the work.

TIA
Title: Re: Rule Design
Post by: Mks on January 03, 2019, 11:55:20 am
Hi,

create an Alias RFC1918 with all Private Address ranges.

Use this alias with the invert option as destination.

br
Title: Re: Rule Design
Post by: mahescho on January 03, 2019, 07:46:58 pm
Thanks, works as expected and I can do something similar with my internal IPv6 nets.
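
The inverted-alias approach from this thread, modelled as an added example that is not part of the original posts: a simplified first-match evaluation of the relay's outbound SMTP rules, useful for checking which destinations the rule set would pass. All addresses are constructed, and the IPv6 prefix `fc00::/7` is an assumption standing in for the internal IPv6 nets.

```python
import ipaddress

# Contents of the RFC1918 alias suggested in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: internal IPv6 nets are ULA; replace with the real prefixes.
INTERNAL_V6 = [ipaddress.ip_network("fc00::/7")]

# Constructed addresses for illustration only.
RELAY = {ipaddress.ip_address("192.168.50.10"),
         ipaddress.ip_address("fd00:50::10")}
INTERNAL_MAIL = {ipaddress.ip_address("192.168.10.25")}


def in_alias(addr, alias):
    """True if addr falls inside any network of the alias."""
    return any(addr.version == net.version and addr in net for net in alias)


def decide(src, dst, port):
    """First-match evaluation of the DMZ interface rules, default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if port != 25 or src not in RELAY:
        return "block"
    if dst in INTERNAL_MAIL:
        return "pass"   # rule 1: relay -> internal mail server
    if not in_alias(dst, RFC1918 + INTERNAL_V6):
        return "pass"   # rule 2: destination is the inverted alias
    return "block"      # no rule matched


if __name__ == "__main__":
    for dst in ("203.0.113.7", "192.168.10.25", "192.168.20.5",
                "10.1.2.3", "172.32.0.1"):
        print(dst, decide("192.168.50.10", dst, 25))
```

Internal networks that use public address space are not covered by the alias and would have to be added to it.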