I need to block all ports incoming to my mail server except 25, 110 and 80.
It is set up with 1-to-1 NAT.
Public is 65.x.x.x
NAT is 172.x.x.x
Can someone help me?
Thanks
Tom
In firewall filter, add rules to allow the desired ports to your public IP on whatever interface. Following those rules, add a rule to drop all to the public IP on that interface.
Something like this…
add action=accept chain=forward comment="Allow SMTP public IP" disabled=no dst-address=65.x.x.x dst-port=25 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="Allow POP public IP" disabled=no dst-address=65.x.x.x dst-port=110 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="Allow HTTP IP" disabled=no dst-address=65.x.x.x dst-port=80 in-interface=ether1 protocol=tcp
add action=drop chain=forward comment="Drop all incoming to public IP" disabled=no dst-address=65.x.x.x in-interface=ether1
or
add action=accept chain=forward disabled=no dst-address=server_ip dst-port=25,110,80 in-interface=public protocol=tcp
add action=drop chain=forward comment="Drop all incoming" disabled=no dst-address=server_ip in-interface=public
Ooh… didn't know I could use a comma between port numbers.
Thanks.
This is my config
chain=forward action=accept src-address=172.16.10.101 out-interface=inside dst-port=25,110,32000,10016,336,143,53 protocol=tcp
chain=forward action=accept connection-state=established src-address=172.16.10.101
chain=forward action=drop src-address=172.16.10.101 protocol=tcp
This does not work: it allows inbound but no outbound. I tried with the public address and public interface; that does not do anything.
Any more help?
Thanks
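
Why the last posted rule set passes inbound traffic yet blocks the server's own new connections can be seen by walking packets through the forward chain in first-match order. The Python model below is an added example, not any poster's code and not RouterOS syntax; the interface names `public`/`inside`, the outside host 203.0.113.5, the sample packets and the `REWRITE` rule set are assumptions, and it relies on the forward chain seeing the server's private address because destination NAT is applied before filtering.

```python
# Added illustration: first-match walk of a forward chain (not RouterOS code).
SERVER = "172.16.10.101"   # private address from the thread
PEER = "203.0.113.5"       # constructed outside host

def matches(rule, pkt):
    """True when every matcher set on the rule agrees with the packet."""
    for key, want in rule.items():
        if key == "action":
            continue
        have = pkt.get(key)
        if (have not in want) if isinstance(want, set) else (have != want):
            return False
    return True

def verdict(rules, pkt):
    """First matching rule decides; a packet no rule matches is accepted."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"

POSTED = [  # the three rules from the last post, in order
    {"action": "accept", "src-address": SERVER, "out-interface": "inside",
     "protocol": "tcp", "dst-port": {25, 110, 32000, 10016, 336, 143, 53}},
    {"action": "accept", "connection-state": "established", "src-address": SERVER},
    {"action": "drop", "src-address": SERVER, "protocol": "tcp"},
]
REWRITE = [  # assumed rewrite: match dst-address (private IP) and in-interface
    {"action": "accept", "connection-state": "established"},
    {"action": "accept", "dst-address": SERVER, "in-interface": "public",
     "protocol": "tcp", "dst-port": {25, 110, 80}},
    {"action": "drop", "dst-address": SERVER, "in-interface": "public"},
]

def pkt(src, dst, inif, outif, port, state="new"):
    return {"src-address": src, "dst-address": dst, "in-interface": inif,
            "out-interface": outif, "protocol": "tcp", "dst-port": port,
            "connection-state": state}

SAMPLES = {  # constructed packets, as the forward chain would see them
    "inbound smtp": pkt(PEER, SERVER, "public", "inside", 25),
    "inbound ssh": pkt(PEER, SERVER, "public", "inside", 22),
    "outbound smtp": pkt(SERVER, PEER, "inside", "public", 25),
    "reply to client": pkt(SERVER, PEER, "inside", "public", 40000, "established"),
}

def run(rules):
    """Verdict for every sample packet under the given rule list."""
    return {name: verdict(rules, p) for name, p in SAMPLES.items()}
```

Under `POSTED`, both inbound samples fall through to the default accept and the server's new outbound connection hits the final drop; under `REWRITE`, only the listed inbound ports are accepted and outbound traffic is untouched.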