pass only a specific block of external IP ranges to an internal port

Started by nj44451, December 17, 2022, 06:45:29 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 17, 2022, 06:45:29 PM Last Edit: December 18, 2022, 04:00:12 PM by nj44451
I have an external spam filter that passes mail to my mail server on port 25.

I want to ensure that only mail from the spam filter is delivered to my mail server.

I setup an alias with the IP ranges for the spam filters public ip address but the server gets blocked no matter what I try.

I am setting this up on the NAT port forward.


Do anyone have an example of how to set this up?
for example I have this range setup in the alias:    72.35.12.0/255.255.255.0

Thanks,

Trent


December 17, 2022, 08:14:54 PM #1
What is the "associated filter rule" in your NAT port forward rule set to? If it is not "pass", then try that.

Also:

source: your spam filter alias
destination: WAN address
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 17, 2022, 08:28:13 PM #2
I had tried before adding the alias to the source and nothing.

I just modified the existing NAT I had for pass the traffic to my local IP on port 25

in the alias if shows it loaded the whole range of ip based on the masks I set.

for example I have this range setup in the alias:    72.35.12.0/255.255.255.0

I have it setup as a URL alias should I be using something else?

Here is what I see in the live log. 

wan      2022-12-17T14:25:56-05:00   72.35.12.47:50702   98.157.240.17:25   tcp   Default deny / state violation rule
December 17, 2022, 08:33:19 PM #3
Please post all details of that NAT port forward rule.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 17, 2022, 08:44:05 PM #4
this is what is set the works to pass on port 25 to the server
Nat under port forward

WAN   TCP   *   *   WAN address   25 (SMTP)   192.168.1.54   25 (SMTP)   

As soon as I add the alias as the source addresses  it gets blocked

WAN   TCP   SMTP_alias   *   WAN address   25 (SMTP)   192.168.1.54   25 (SMTP)   


under alias "SMTP_alias" I have it set to URL (ips)

With these addresses added

72.35.12.0/255.255.255.0
72.35.23.0/255.255.255.0
208.70.128.0/255.255.248.0

December 17, 2022, 09:19:10 PM #5
Use an alias of type Network(s) and specify the networks as

72.35.12.0/24
72.35.23.0/24
208.70.128.0/21
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 18, 2022, 03:59:31 PM #6
Changed to Networks and all is working now also I think at one point I forgot to click apply as well.

Thanks for your help.
Print
Go Up Pages1
User actions