DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Restricting SMTP traffic
- paul_hood
- Offline
- Junior Member
Less
More
- Posts: 18
- Thank you received: 0
28 Aug 2009 19:29 #57465
by paul_hood
Replied by paul_hood on topic Restricting SMTP traffic
Sorted!
Unfortunately this would only work when I entered the rule in to the "Default Data Filter" group (maybe a quirk on our system).
Creating a block/allow rule also didn’t work so I decided to just block everything else (and not touch the IP address I want to keep alive).
In my setup the router is 192.168.1.1 and my Mail Server is 192.168.1.2
1.) Create a new rule called SMTP_IP_3-254
2.) Set DIRECTION to LAN>WAN
3.) 192.168.1.3~192.168.1.254
4.) Set DESTINATION IP to ANY
5.) SERVICE TYPE:
SERVICE TYPE - USER DEFINED
PROTOCOL – TCP
SOURCE PORT – 1~65535
DESTINATION PORT – 25~25
6.) Set ACTION/PROFILE to BLOCK IMMEDIATELY
This also works when your servers IP address is in the middle of a range e.g: 192.168.1.'100', just create two block rules first rule for IP's 1-99 and the second rule for 101-254 etc.
Hope this helps others...:twisted:
Unfortunately this would only work when I entered the rule in to the "Default Data Filter" group (maybe a quirk on our system).
Creating a block/allow rule also didn’t work so I decided to just block everything else (and not touch the IP address I want to keep alive).
In my setup the router is 192.168.1.1 and my Mail Server is 192.168.1.2
1.) Create a new rule called SMTP_IP_3-254
2.) Set DIRECTION to LAN>WAN
3.) 192.168.1.3~192.168.1.254
4.) Set DESTINATION IP to ANY
5.) SERVICE TYPE:
SERVICE TYPE - USER DEFINED
PROTOCOL – TCP
SOURCE PORT – 1~65535
DESTINATION PORT – 25~25
6.) Set ACTION/PROFILE to BLOCK IMMEDIATELY
This also works when your servers IP address is in the middle of a range e.g: 192.168.1.'100', just create two block rules first rule for IP's 1-99 and the second rule for 101-254 etc.
Hope this helps others...
Please Log in or Create an account to join the conversation.
- mordorf
- Offline
- Junior Member
Less
More
- Posts: 84
- Thank you received: 0
28 Aug 2009 20:21 #57467
by mordorf
You will normally use Data Filters and not Call Filters, please see the below explanation for each type.
Call Filter - When there is no existing Internet connection, Call
Filter is applied to all traffic, all of which should be outgoing.
It will check packets according to the filter rules. If legal,
the packet will pass. Then the router shall “initiate a callâ€
to build the Internet connection and send the packet to Internet.
Data Filter - When there is an existing Internet connection, Data
Filter is applied to incoming and outgoing traffic. It will check
packets according to the filter rules. If legal, the packet will
pass the router.
Replied by mordorf on topic Restricting SMTP traffic
Sorted!Paul_Hood wrote:
Unfortunately this would only work when I entered the rule in to the "Default Data Filter" group (maybe a quirk on our system).
You will normally use Data Filters and not Call Filters, please see the below explanation for each type.
Call Filter - When there is no existing Internet connection, Call
Filter is applied to all traffic, all of which should be outgoing.
It will check packets according to the filter rules. If legal,
the packet will pass. Then the router shall “initiate a callâ€
to build the Internet connection and send the packet to Internet.
Data Filter - When there is an existing Internet connection, Data
Filter is applied to incoming and outgoing traffic. It will check
packets according to the filter rules. If legal, the packet will
pass the router.
Please Log in or Create an account to join the conversation.
- paul_hood
- Offline
- Junior Member
Less
More
- Posts: 18
- Thank you received: 0
28 Aug 2009 20:43 #57468
by paul_hood
Replied by paul_hood on topic Restricting SMTP traffic
Just out of intrest what are all the other blank entries/profiles on the same page as "Default Call Filter" & "Default Data Filter" for :?:
Please Log in or Create an account to join the conversation.
- paul_hood
- Offline
- Junior Member
Less
More
- Posts: 18
- Thank you received: 0
28 Aug 2009 20:48 #57469
by paul_hood
Replied by paul_hood on topic Restricting SMTP traffic
Just out of intrest what are all the other blank entries/profiles on the same page as "Default Call Filter" & "Default Data Filter" for :?:
Please Log in or Create an account to join the conversation.
- mordorf
- Offline
- Junior Member
Less
More
- Posts: 84
- Thank you received: 0
28 Aug 2009 21:41 #57470
by mordorf
Replied by mordorf on topic Restricting SMTP traffic
For creating more firewall rules. You can have lots and lots of firewall rules which are read in list form (top to bottom).
Please Log in or Create an account to join the conversation.
- paul_hood
- Offline
- Junior Member
Less
More
- Posts: 18
- Thank you received: 0
28 Aug 2009 22:05 #57471
by paul_hood
Replied by paul_hood on topic Restricting SMTP traffic
Understood... so my original problem was the order of my newly created SMTP rule was below the Default Call Filter.
I have since found the option “Next Filter Set “ to change the order!
This bit was not as obvious as the sub pages as these have a button to move up/down.
You learn something new every day (I know I have).:idea:
Again I hope this helps someone.
I have since found the option “Next Filter Set “ to change the order!
This bit was not as obvious as the sub pages as these have a button to move up/down.
You learn something new every day (I know I have).
Again I hope this helps someone.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek