DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

SOLVED Issue with Firewall Filter

  • sharkeyes
  • Topic Author
  • Offline
  • New Member
  • New Member
More
31 Oct 2012 13:34 #73975 by sharkeyes
SOLVED Issue with Firewall Filter was created by sharkeyes
Hello,

I am trying to set up a firewall filter so deny all incoming SMTP traffic unless its from the Trend server for antispam.

I have set the default data filter and changed the Next Filter Set Set#3.

Rule set 3 has 4 rules. The first denies all traffic Lan > Wan on Port 25. It is set to "Block if No Further Match". Any Source IP, Any Destination IP.
The three proceeding rules allow the respective trend IP addresses.

I have tried changing the deny rule from first to last and changing the block to "Block Imminently". I have also tried changing from LAN > WAN to WAN > LAN and I have changed changing the default data rule to start at Set#3 rather than Set#2.

No matter what I do, when I Telnet to the server on port 25 I am allowed through. I am not allowed through on the default rules to block NetBIOS on Ports 137-139.

Please Log in or Create an account to join the conversation.

More
01 Nov 2012 10:48 #73985 by brianm100
Replied by brianm100 on topic Re: Issue with Firewall Filter
Firstly what type of router are you using?

You mentioned that you were trying to control inbound SMTP access to your network, can you clarify this is the case?

If so you should have a port forwarding rule to your inbound SMTP server.

I would then create a seperate filter group for SMTP traffic and select direction WAN>LAN, Source address would be the Public IP of the Trend Servers, Destination would be the private IP of the SMTP server inside your network and the protocol would be TCP on Port 25.

Finally a block rule should be created with WAN>LAN flow with any source and destination set to private IP of SMTP server and select to "block"

Hope this helps but again depends on the type of router being used and what you are trying to achieve.

Please Log in or Create an account to join the conversation.

  • sharkeyes
  • Topic Author
  • Offline
  • New Member
  • New Member
More
01 Nov 2012 11:31 #73986 by sharkeyes
Replied by sharkeyes on topic Re: Issue with Firewall Filter
I have a Vigor 2820.

Yes I am trying to restrict inbound access for SMTP so it can only be accessed via Trend anti-spam. Yeah the allow rules are set up as you mentioned.

The only thing I have not done is separated the rules or set port forwading on the SMTP server.

Please Log in or Create an account to join the conversation.

  • sharkeyes
  • Topic Author
  • Offline
  • New Member
  • New Member
More
01 Nov 2012 14:02 #73991 by sharkeyes
Replied by sharkeyes on topic Re: Issue with Firewall Filter
OK I have made separate rule sets.

Rule set#3 allows the trend servers though. I have set the next set to set#4 and in there a single rule set to "block immediately" from all IPs to any IP on TCP port 25.

I am still able to telnet in through port 25. The rule alone should restrict my access just like the default NetBIOS rule. I can't work out why its not working.

Please Log in or Create an account to join the conversation.

More
01 Nov 2012 14:44 #73994 by brianm100
Replied by brianm100 on topic Re: Issue with Firewall Filter
One thing i have found niggly about the packet filters on the 2820 is that you need to ensure you select a protocol otherwise it wont actually apply the rule.

Ensure you have "TCP" selected in the protocol.

Your rule should look like the following:

Filter set 3 "SMTP Rules"
Filter Rule 1: Pass or Block: "Pass" Direction > "IN", Protocol "TCP" Source: IP_Address - Subnet Mask: Sub_Mask Operator "=", Start port " " End Port " " (Leave blank and should resolve to "Any")
Destination: 192.168.x.x (Private IP of Mail Server, Subnet Mask: 255.255.255.255 (/32) Only one IP, Operator "=" Start Port "25" End Port "25"

Filter Rule 2: This rule will be the same except will have "Block" set instead of "Pass" and source address will be "Any".

If you have any issues after this it might be worthwhile resetting the router and rebuilding your config. Note: I never change the default packet filters unless you are intending on allowing mapped drives or Netbios traffic over the internet.

Again, hope this helps!

Brian

Please Log in or Create an account to join the conversation.

  • sharkeyes
  • Topic Author
  • Offline
  • New Member
  • New Member
More
01 Nov 2012 14:51 #73995 by sharkeyes
Replied by sharkeyes on topic Re: Issue with Firewall Filter
Thank you very much. It was a silly mistake.

I had set the Source Port to 25 > Destination Port to Any
I have swapped it around and now I am unable to Telnet in :D

I will change this for the allow rules as well and send in some test emails and hope they come through lol

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami