Topic: pass only a specific block of external IP ranges to an internal port (Read 1173 times)

nj44451 « on: December 17, 2022, 06:45:29 pm »
I have an external spam filter that passes mail to my mail server on port 25.
I want to ensure that only mail from the spam filter is delivered to my mail server.
I set up an alias with the IP ranges for the spam filter's public IP address, but the server gets blocked no matter what I try.
I am setting this up on the NAT port forward.
Does anyone have an example of how to set this up?
For example, I have this range set up in the alias: 72.35.12.0/255.255.255.0
Thanks,
Trent
« Last Edit: December 18, 2022, 04:00:12 pm by nj44451 »

Patrick M. Hausen « Reply #1 on: December 17, 2022, 08:14:54 pm »
What is the "associated filter rule" in your NAT port forward rule set to? If it is not "pass", then try that.
Also:
source: your spam filter alias
destination: WAN address
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)

nj44451 « Reply #2 on: December 17, 2022, 08:28:13 pm »
I had tried before adding the alias to the source and nothing.
I just modified the existing NAT I had to pass the traffic to my local IP on port 25.
In the alias it shows it loaded the whole range of IPs based on the masks I set.
For example, I have this range set up in the alias: 72.35.12.0/255.255.255.0
I have it set up as a URL alias; should I be using something else?
Here is what I see in the live log.
wan 2022-12-17T14:25:56-05:00 72.35.12.47:50702 98.157.240.17:25 tcp Default deny / state violation rule

Patrick M. Hausen « Reply #3 on: December 17, 2022, 08:33:19 pm »
Please post all details of that NAT port forward rule.

nj44451 « Reply #4 on: December 17, 2022, 08:44:05 pm »
This is what is set that works to pass on port 25 to the server:
NAT under port forward
WAN TCP * * WAN address 25 (SMTP) 192.168.1.54 25 (SMTP)
As soon as I add the alias as the source addresses, it gets blocked:
WAN TCP SMTP_alias * WAN address 25 (SMTP) 192.168.1.54 25 (SMTP)
Under alias "SMTP_alias" I have it set to URL (IPs)
with these addresses added:
72.35.12.0/255.255.255.0
72.35.23.0/255.255.255.0
208.70.128.0/255.255.248.0

Patrick M. Hausen « Reply #5 on: December 17, 2022, 09:19:10 pm »
Use an alias of type Network(s) and specify the networks as
72.35.12.0/24
72.35.23.0/24
208.70.128.0/21

nj44451 « Reply #6 on: December 18, 2022, 03:59:31 pm »
Changed to Networks and all is working now. Also, I think at one point I forgot to click apply as well.
Thanks for your help.
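
An added example, not part of the thread: a Python check that the dotted-netmask entries posted in Reply #4 normalize to the CIDR networks given in Reply #5, and that the blocked source address from the live log falls inside them. The function names are hypothetical; the script only does address arithmetic and does not talk to OPNsense.

```python
import ipaddress

# Alias entries exactly as posted in the thread (address/dotted netmask).
POSTED_ENTRIES = [
    "72.35.12.0/255.255.255.0",
    "72.35.23.0/255.255.255.0",
    "208.70.128.0/255.255.248.0",
]

# Source address from the blocked live-log line in Reply #2.
LOGGED_SOURCE = "72.35.12.47"


def to_cidr(entry):
    """Convert 'addr/dotted-mask' (or 'addr/len') to canonical CIDR text.

    strict=True raises ValueError when host bits are set or the mask is
    not contiguous, so a typo cannot silently shift or widen the range.
    """
    return str(ipaddress.ip_network(entry.strip(), strict=True))


def build_alias(entries):
    """Return (cidrs, rejected) for a list of alias entries."""
    cidrs, rejected = [], []
    for entry in entries:
        try:
            cidrs.append(to_cidr(entry))
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    return cidrs, rejected


def matches(source_ip, cidrs):
    """Return the CIDR blocks that contain source_ip."""
    addr = ipaddress.ip_address(source_ip)
    return [c for c in cidrs if addr in ipaddress.ip_network(c)]


if __name__ == "__main__":
    cidrs, rejected = build_alias(POSTED_ENTRIES)
    print("\n".join(cidrs))
    for entry, reason in rejected:
        print(f"rejected {entry}: {reason}")
    hit = matches(LOGGED_SOURCE, cidrs)
    print(LOGGED_SOURCE, "->", hit or "no match, would hit the default deny")
```

Running the same check on any new provider range before adding it to the alias catches entries with host bits set, which would otherwise describe a different block than intended.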