Hi all,
I need help.
I have two ranges of public addresses, 10.10.0.0/23 and 172.10.0.0/24.
In these two ranges is one public address, 10.10.0.8/30.
This public address is translated to port 25 on the internal 192.168.1.10/24, where the SMTP server is.
All other ports are blocked.
I want that only allowed public addresses from 10.10.0.0/23 and 172.10.0.0/24 can reach the internal address 192.168.1.10 on port 25.
I must warn that the public addresses are fragmented by mask 30 or 29.
Thx
Best regards,
Tomislav
Create an IP address list - smtpusers and add 10.10.0.0/23 and 172.10.0.0/24 as two entries in the list.
(172.10.0.0 is NOT a private IP by the way - that is 172.16.0.0/16 - 172.31.0.0/16)
Then make this rule in the forwarding chain of the filters table:
/ip firewall filter add chain=forward protocol=tcp dst-port=25 src-address-list=!smtpusers dst-address=192.168.1.10 action=drop
(this drops smtp to that host from any source NOT in the smtpusers list)
If you want to block all traffic to the host EXCEPT for smtp from allowed sources, it takes two rules:
/ip firewall filter add chain=forward protocol=tcp dst-port=25 src-address-list=smtpusers dst-address=192.168.1.10 action=accept
/ip firewall filter add chain=forward dst-address=192.168.1.10 action=drop
This is generally the better practice for security.
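Putting the whole answer together as one RouterOS configuration script. This is an added example, not the configuration from either poster. It assumes the dst-nat rule the question describes but does not show (public 10.10.0.8, TCP/25 forwarded to 192.168.1.10:25); the WAN interface name is not given in the thread, so the NAT rule matches on the public address only. Because dst-nat runs in prerouting, the forward chain already sees the translated internal address, which is why the filter rules match dst-address=192.168.1.10 and not the public IP. Rule order matters: the accept must come before the catch-all drop.

```routeros
# Address list of sources allowed to reach the mail server.
# Entries can be /23, /24, /29 or /30 - the list matches any prefix length,
# so fragmented public ranges are fine.
/ip firewall address-list
add list=smtpusers address=10.10.0.0/23 comment="allowed SMTP senders"
add list=smtpusers address=172.10.0.0/24 comment="allowed SMTP senders"

# Assumed dst-nat rule (reconstructed from the question, not shown in the thread):
# public 10.10.0.8 port 25 -> internal SMTP server 192.168.1.10 port 25.
/ip firewall nat
add chain=dstnat dst-address=10.10.0.8 protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=192.168.1.10 to-ports=25 \
    comment="SMTP publish (assumed example)"

# Forward-chain filter: accept SMTP only from the list, drop everything
# else destined to the server. The accept must be ABOVE the drop.
/ip firewall filter
add chain=forward protocol=tcp dst-port=25 dst-address=192.168.1.10 \
    src-address-list=smtpusers action=accept \
    comment="SMTP to mail server from allowed sources"
add chain=forward dst-address=192.168.1.10 action=drop \
    comment="everything else to mail server"

# Verification: watch the counters on both rules while testing from an
# address inside and outside the list.
/ip firewall filter print stats where dst-address=192.168.1.10
```

If an established/related accept rule already exists at the top of the forward chain, it should stay above these two; the drop here only needs to catch new connections that the accept did not match.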