Topic: Having trouble configuring Firewall to allow Mail Server Access (Read 2597 times)
fbeye
Full Member
Posts: 124
Karma: 1
Having trouble configuring Firewall to allow Mail Server Access « on: February 19, 2023, 01:56:18 am »
Hello!
So, I have 8 STATIC IPs (6 usable).
I made Virtual IPs for each of the 6 IPs.
I made NAT 1:1 from each Virtual IP to its specific LAN IP.
I configure that specific IP 1 at a time on a host and verify it has the correct WAN IP via "whatsmyip".
So, everything is set as it should be, I assume, as the IPs are correct to their destination.
I have an email server on WAN x.x.x.180 to LAN 192.168.5.180.
The ports that are on the .180 are 587 (SUBMISSION), 25 (SMTP) and 993 (IMAP/S).
The only things I have for firewall are:
PASS - WAN - IN - IPV4 - TCP - SOURCE (ANY) - SOURCE PORT (each one mentioned) - DESTINATION (192.168.5.180) - DESTINATION PORT (each one mentioned).
But, I am unable to connect! I have no other NAT or Port Forwarding set up, as I assume I would not need Port Forwarding because of the 1:1?
Any suggestions?
fbeye
Full Member
Posts: 124
Karma: 1
Re: Having trouble configuring Firewall to allow Mail Server Access « Reply #1 on: February 19, 2023, 02:21:04 am »
Alright, so by removing SOURCE PORT and making it ANY, it works now. Interesting.
Can anyone explain in what scenario a SOURCE port would be utilized?
« Last Edit: February 19, 2023, 02:24:23 am by fbeye »
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Having trouble configuring Firewall to allow Mail Server Access « Reply #2 on: February 19, 2023, 03:42:27 am »
Very rarely. Usually services/applications use a randomised source port. In some cases you might be able to specify the source port. In other cases (e.g. active FTP) that's the standard behaviour. As part of that you might want to lock down your firewall rules further and limit the source port on the rule.
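An added illustration of the answer above (not code from the thread or from OPNsense): it opens a real loopback TCP connection to show that the client's source port is picked by the OS, then checks that packet against the original rule (source port = service port) and the working one (source port any). The `Rule` class is a hypothetical simplified model of a pass rule, and the loopback listener on an OS-chosen port stands in for the mail server.

```python
import socket
from dataclasses import dataclass
from typing import Optional

MAIL_PORTS = (25, 587, 993)  # service ports named in the thread

@dataclass(frozen=True)
class Rule:
    """Simplified pass rule (hypothetical model, not pf syntax); src_port None = any."""
    proto: str
    dst_ip: str
    dst_port: int
    src_port: Optional[int] = None

    def matches(self, proto, src_port, dst_ip, dst_port):
        return (proto == self.proto and dst_ip == self.dst_ip
                and dst_port == self.dst_port
                and self.src_port in (None, src_port))

def observe_client_source_port():
    """Make a loopback TCP connection; return (client source port, listener port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # stand-in listener; a real MTA binds 25/587/993
        srv.listen(1)
        listener_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", listener_port)):
            conn, peer = srv.accept()  # peer = (client address, client source port)
            conn.close()
            return peer[1], listener_port

def evaluate(src_port, server_ip="192.168.5.180"):
    """Per mail port: (original rule matches?, source-any rule matches?)."""
    results = {}
    for port in MAIL_PORTS:
        original = Rule("tcp", server_ip, port, src_port=port)  # rule as first posted
        fixed = Rule("tcp", server_ip, port)                    # source port: any
        packet = ("tcp", src_port, server_ip, port)
        results[port] = (original.matches(*packet), fixed.matches(*packet))
    return results

if __name__ == "__main__":
    sport, _ = observe_client_source_port()
    print("client source port chosen by the OS:", sport)
    for port, (orig, fixed) in evaluate(sport).items():
        print(f"dst {port}: original rule match={orig}, source-any rule match={fixed}")
```

The destination port is what restricts the rule to the mail services; the source port only matches when a client deliberately sends from a fixed port.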
fbeye
Full Member
Posts: 124
Karma: 1
Re: Having trouble configuring Firewall to allow Mail Server Access « Reply #3 on: February 19, 2023, 05:04:21 am »
Hmm. I am unsure exactly what you mean by that… When utilizing a source port, it did not work at all and I could only get it working by having “any” in source port. Are you saying that I can somehow specify a source port and it would still work? I of course would like that… in my mind “Any” sort of negates any security as I WANT it to only be the specific ports being initialized.
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Having trouble configuring Firewall to allow Mail Server Access « Reply #4 on: February 19, 2023, 05:08:54 am »
I wouldn't worry about it if I were you. Your mail clients are unlikely to allow the source port to be specified.
fbeye
Full Member
Posts: 124
Karma: 1
Re: Having trouble configuring Firewall to allow Mail Server Access « Reply #5 on: February 19, 2023, 03:40:12 pm »
How do I set it as "resolved"?
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Having trouble configuring Firewall to allow Mail Server Access « Reply #6 on: February 19, 2023, 11:10:45 pm »
Edit the topic heading to include “[RESOLVED]” at the beginning.