Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
firewall rule how permit smtp.gmail.com [SOLVED]
« previous
next »
Print
Pages: [
1
]
Author
Topic: firewall rule how permit smtp.gmail.com [SOLVED] (Read 10543 times)
bdario
Jr. Member
Posts: 63
Karma: 2
firewall rule how permit smtp.gmail.com [SOLVED]
«
on:
November 25, 2019, 09:58:56 am »
Hello to all,
Opnsense 19
I'm experimenting an issue driving me nut:
I would like to send emails from a NAS behind the firewall
The NAS is correctly configured to use smtp.gmail.com:587 and works fine only if I put a rule on the server interface like this one:
- source addres: <NAS.IP.ADDR.ESS/32>
- source port: <ANY>
- destination address: <ANY>
- destination port: <ANY>
Now I would like to shrink the rule specifying "destination address" and "destination port" but the firewall doesn't accept "smtp.gmail.com".
I tried to use the ip address resolving smtp.gmail.com but it doesn't work
Is there a way to use the name instead of the IP in the field "destination address" of the rule?
Thanks so much for your kindly help
best regards
Dario
«
Last Edit: November 26, 2019, 08:43:35 am by bdario
»
Logged
chemlud
Hero Member
Posts: 2486
Karma: 112
Re: firewall rule how permit smtp.gmail.com
«
Reply #1 on:
November 25, 2019, 10:39:33 am »
You can try an Alias with the smtp server, which you can use in your FW rules.
But even more important than the server is in my opinion to limit the PORT the NAS can connect to.
I would get a little raspberry pi (1b or 2b is sufficient) and set up a local email server, just for receiving status emails from NAS, etc. Why should/would you hand over the details of your network to Google?
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
bdario
Jr. Member
Posts: 63
Karma: 2
Re: firewall rule how permit smtp.gmail.com
«
Reply #2 on:
November 25, 2019, 11:09:19 am »
Hi chemlud,
alias doesn't solve the issue
Dario
Logged
chemlud
Hero Member
Posts: 2486
Karma: 112
Re: firewall rule how permit smtp.gmail.com
«
Reply #3 on:
November 25, 2019, 11:18:08 am »
Hmmm, why? :-)
Did you check that your Alias get's resolved? ..see pftables.
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
bdario
Jr. Member
Posts: 63
Karma: 2
Re: firewall rule how permit smtp.gmail.com
«
Reply #4 on:
November 25, 2019, 01:06:02 pm »
I created and enabled an alias as follow:
- name: gmail
- type: Host(s)
- Description: smtp.gmail.com
- Content: smtp.gmail.com
I tested the alias in: Firewall / Diagnostics / pfTables
It resolves 64.233.184.109
I modified the rule as follow:
- source addres: <NAS.IP.ADDR.ESS/32>
- source port: <ANY>
- destination address: gmail
- destination port: <ANY>
or
- destination port: 587
but it doesn't permit the NAS to send email
«
Last Edit: November 25, 2019, 01:43:06 pm by bdario
»
Logged
chemlud
Hero Member
Posts: 2486
Karma: 112
Re: firewall rule how permit smtp.gmail.com
«
Reply #5 on:
November 25, 2019, 02:28:08 pm »
Again: It's more important to limit the destination port than the destination ip.
I see no reason (besides google messing up DNS) why your rule should not work.
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
bdario
Jr. Member
Posts: 63
Karma: 2
Re: firewall rule how permit smtp.gmail.com
«
Reply #6 on:
November 26, 2019, 07:29:16 am »
so must I assume firewall doesn't work properly?
Hey folks, any suggestion?
Thanks
Logged
bdario
Jr. Member
Posts: 63
Karma: 2
Re: firewall rule how permit smtp.gmail.com
«
Reply #7 on:
November 26, 2019, 08:43:16 am »
it seems to be solved
Tracing firewall logs I found an IP responding on tcp 587
query for it whois reply me "google"
add this ip in the alias rule solved the issue
thanks
Dario
Logged
chemlud
Hero Member
Posts: 2486
Karma: 112
Re: firewall rule how permit smtp.gmail.com [SOLVED]
«
Reply #8 on:
November 26, 2019, 10:48:59 am »
And you hardcoded the IP into your firewall rule now?
I would not bet that the IP resolves to this SMTP server (and other way around) in a month/year...
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
siga75
Full Member
Posts: 187
Karma: 11
Re: firewall rule how permit smtp.gmail.com [SOLVED]
«
Reply #9 on:
November 27, 2019, 05:35:16 pm »
alias with smtp.gmail.com and rule for port 587 works like a charm for me
I would investigate deeper
Logged
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
firewall rule how permit smtp.gmail.com [SOLVED]