11-02-2011 12:50 AM
We have a setup where our e-mail server is hosted in-house.
Our network is connected through a RV042 gateway.
Port 25 is forwarded to our internal e-mail server.
Our SMTP service should be limited to receiving incoming connections only from 4 specific IP ranges, which I set up in the firewall rules.
The reason is that all SMTP is managed and protected by an external anti-spam/virus provider.
However it looks like any computer is able to connect to our port 25 and be forwarded to our e-mail server.
Does port forwarding overrule firewall rules - i.e. you cannot limit access with the firewall if you decide to port forward?
Is this a "fixable" situation - or is the RV042 not built for handling this setup?
11-02-2011 05:01 AM
After a bit of trial and error the solution was to specifically add a deny rule.
The default rule of
Deny | All Traffic [1] | WAN1 | Any | Any | Always |
was not enough to drop traffic - we had to add a rule that specifically dropped traffic that was not accepted.
11-02-2011 06:09 AM
This link might help.
11-02-2011 06:46 AM
The above link did not really help.
The default rules seem not to be honored when adding port forwarding.
We have four IP ranges (from our SMTP anti-spam/anti-virus provider) that should be allowed to access our SMTP server.
What I did (that did not work) was:
1. Added port forwarding on WAN1 port 25 to LAN SMTP server port 25
2. Added 4 rules to allow for the 4 IP ranges to accept connection
3. Tested from the 4 ip ranges if connection was accepted and mail delivery was possible - checked OK
4. Tested from outside the 4 ip ranges if connection was accepted and mail delivery was possible... IT WAS POSSIBLE TO CONNECT
The fix was to add a rule after the 4 smtp accept rules to deny all access to port 25.
What this indicates to me is that the default deny rule that denies all traffic on WAN1 was not honored on port forwarding.
11-02-2011 06:54 AM
Once a port forwarding rule is added, all IP addresses on the WAN side are allowed to access the specified internal address. That's why a Deny rule is needed to undo the above. This has been the way the product behaves from day one.
Allow SMTP WAN1 [specific IP] [private address]
Deny SMTP WAN1 Any [private address]
11-02-2011 06:58 AM
When looking at the rules - there is a default "deny all" rule, which is why having to add an extra deny rule was counterintuitive. But now that we know it - I should hopefully be able to get it right on the next firewall rules we need to add.
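The behaviour described in this thread, as an added example that is not from any poster or from Cisco: a small first-match model of the rule table that audits whether a forwarded port is reachable from outside the intended ranges. The evaluation order (user rules, then an implicit allow-any created by the port forward, then the default deny) is an assumption drawn from the reply above, and the IP ranges and probe addresses are constructed.

```python
import ipaddress

# Constructed stand-ins for the provider's 4 ranges (documentation address space).
PROVIDER_RANGES = ["192.0.2.0/26", "198.51.100.0/24",
                   "203.0.113.0/25", "203.0.113.128/25"]
SMTP = 25

def rule(action, port, src):
    """One access rule; port None = all traffic, src 'Any' = every source."""
    net = None if src == "Any" else ipaddress.ip_network(src)
    return {"action": action, "port": port, "src": net}

def build_table(user_rules, forwarded_ports):
    """Assumed order: user rules, implicit allow per port forward, default deny."""
    implicit = [rule("Allow", p, "Any") for p in forwarded_ports]
    return user_rules + implicit + [rule("Deny", None, "Any")]

def decide(table, src_ip, port):
    """First matching rule wins."""
    ip = ipaddress.ip_address(src_ip)
    for r in table:
        port_ok = r["port"] is None or r["port"] == port
        src_ok = r["src"] is None or ip in r["src"]
        if port_ok and src_ok:
            return r["action"]
    return "Deny"

def audit(table, forwarded_ports, allowed_ranges, probes):
    """Return (ip, port) pairs outside the allowed ranges that are still allowed."""
    nets = [ipaddress.ip_network(n) for n in allowed_ranges]
    leaks = []
    for port in forwarded_ports:
        for p in probes:
            inside = any(ipaddress.ip_address(p) in n for n in nets)
            if not inside and decide(table, p, port) == "Allow":
                leaks.append((p, port))
    return leaks

allow_rules = [rule("Allow", SMTP, r) for r in PROVIDER_RANGES]
# Steps 1-2 from the thread: port forward plus the 4 allow rules only.
broken = build_table(allow_rules, [SMTP])
# The fix: an explicit deny for port 25 placed after the 4 allow rules.
fixed = build_table(allow_rules + [rule("Deny", SMTP, "Any")], [SMTP])

PROBES = ["192.0.2.10", "198.18.0.5"]  # constructed: one inside, one outside

if __name__ == "__main__":
    print("without explicit deny:", audit(broken, [SMTP], PROVIDER_RANGES, PROBES))
    print("with explicit deny:   ", audit(fixed, [SMTP], PROVIDER_RANGES, PROBES))
```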