DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Restricting SMTP traffic

More
28 Aug 2009 19:29 #7 by paul_hood
Replied by paul_hood on topic Restricting SMTP traffic
Sorted!

Unfortunately this would only work when I entered the rule in to the "Default Data Filter" group (maybe a quirk on our system).

Creating a block/allow rule also didn’t work so I decided to just block everything else (and not touch the IP address I want to keep alive).

In my setup the router is 192.168.1.1 and my Mail Server is 192.168.1.2

1.) Create a new rule called SMTP_IP_3-254
2.) Set DIRECTION to LAN>WAN
3.) 192.168.1.3~192.168.1.254
4.) Set DESTINATION IP to ANY
5.) SERVICE TYPE:
SERVICE TYPE - USER DEFINED
PROTOCOL – TCP
SOURCE PORT – 1~65535
DESTINATION PORT – 25~25
6.) Set ACTION/PROFILE to BLOCK IMMEDIATELY


This also works when your servers IP address is in the middle of a range e.g: 192.168.1.'100', just create two block rules first rule for IP's 1-99 and the second rule for 101-254 etc.

Hope this helps others... :twisted:

Please Log in or Create an account to join the conversation.

More
28 Aug 2009 20:21 #8 by mordorf
Replied by mordorf on topic Restricting SMTP traffic

Paul_Hood wrote: Sorted!

Unfortunately this would only work when I entered the rule in to the "Default Data Filter" group (maybe a quirk on our system).



You will normally use Data Filters and not Call Filters, please see the below explanation for each type.

Call Filter - When there is no existing Internet connection, Call
Filter is applied to all traffic, all of which should be outgoing.
It will check packets according to the filter rules. If legal,
the packet will pass. Then the router shall “initiate a call”
to build the Internet connection and send the packet to Internet.

Data Filter - When there is an existing Internet connection, Data
Filter is applied to incoming and outgoing traffic. It will check
packets according to the filter rules. If legal, the packet will
pass the router.

Please Log in or Create an account to join the conversation.

More
28 Aug 2009 20:43 #9 by paul_hood
Replied by paul_hood on topic Restricting SMTP traffic
Just out of intrest what are all the other blank entries/profiles on the same page as "Default Call Filter" & "Default Data Filter" for :?:

Please Log in or Create an account to join the conversation.

More
28 Aug 2009 20:48 #10 by paul_hood
Replied by paul_hood on topic Restricting SMTP traffic
Just out of intrest what are all the other blank entries/profiles on the same page as "Default Call Filter" & "Default Data Filter" for :?:

Please Log in or Create an account to join the conversation.

More
28 Aug 2009 21:41 #11 by mordorf
Replied by mordorf on topic Restricting SMTP traffic
For creating more firewall rules. You can have lots and lots of firewall rules which are read in list form (top to bottom).

Please Log in or Create an account to join the conversation.

More
28 Aug 2009 22:05 #12 by paul_hood
Replied by paul_hood on topic Restricting SMTP traffic
Understood... so my original problem was the order of my newly created SMTP rule was below the Default Call Filter.

I have since found the option “Next Filter Set “ to change the order!

This bit was not as obvious as the sub pages as these have a button to move up/down.

You learn something new every day (I know I have). :idea:
Again I hope this helps someone.

Please Log in or Create an account to join the conversation.

Moderators: Sami