Hi All,

Just wondering the best way of doing the following - i want to setup port redirection from externalIP:2525 to internalIP:25 which is working ok- however the firewall settings are working for port 25 not 2525.

I only want to allow email delivery from a list of IP addresses from our antiSpam servers however this list is approx 90 servers long and mail could be delivered from any of them. I went down the route of adding them each as an object using the very helpful import templete, however I can only have 12 objects in a group.

Any thoughts of how to do this?

Thanks
Tim

You should be able to specify 2 groups per rule, check whether any of the IPs specified by your mail provider fall within the same subnet so that you can enter groups of IPs that way - entering IPs as a subnet or range of IP addresses will save on the number of objects required.
I wasn't aware that it was limited to 12 IP objects per rule but that does seem to be the case now (I recall it being 16). It is normal for the firewall to only filter the internal port number, not the external port redirection port number - because NAT is processed before the firewall.


You'll need to use multiple IP filter rules - you set up the first rule with as many objects / groups as you can, then give that an action of "Pass if no further match", set up the second rule with the same settings and the next lot of IP objects / IP groups. Then at the end of that chain you would have a block rule for all other source IP addresses.

Thanks for that- i thought it may have been the case - thanks for your help.