This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to Block Port 25 On Public Interface?

Hello,

I've tried to block (with no success) the SMTP port on the public interface of ASL adding a rule to drop any request
on the interface public for port 25...

The idea is that from the inside, everyone can relay on
ASL and ASL will then deliver to the public internet.

This is because ASL is receiving mails on an ADSL line and
will deliver thru a Cable Line.

At the moment I can manage this quite good...but the problem is that on the cable side port 25 results open.

Is there any way to lock it?

Thank you in advance!

This thread was automatically locked due to age.

Parents

0 Overnet over 21 years ago

Have you smtp proxy enable? If you have smtp proxy enable you can´t block port 25.
Cancel
Vote Up 0 Vote Down

Cancel
0 ^-^Neko over 21 years ago in reply to Overnet

Yes, I have proxy enabled because I still want to filter
mail on the internal interface (routed SMTP from the other router and internal traffic relay)

... Is not possible to block port 25 when proxy is enabled? It is like this for HTTP proxy...

Thanx a lot!

Neko
Cancel
Vote Up 0 Vote Down

Cancel
0 danielrm26 over 21 years ago in reply to ^-^Neko

Enable authentication and only allow internal users?
Cancel
Vote Up 0 Vote Down

Cancel
0 Overnet over 21 years ago in reply to ^-^Neko

You must set only your´s internal interface has permit to realy from your´s smtp proxy. Look in allowed networks under smtp proxy and set your´s internal interface in there for an ex eth0. And non can use your´s smtp proxy from outside at the fw
Cancel
Vote Up 0 Vote Down

Cancel
0 ^-^Neko over 21 years ago in reply to Overnet

I've tried this... I've added only the internal network as allowed to relay...

the result is that of course nobody can relay on the external interface... but port still results open... my goal would be to
have a "stealth" port 25...

No luck yet [:(]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ^-^Neko over 21 years ago in reply to Overnet

I've tried this... I've added only the internal network as allowed to relay...

the result is that of course nobody can relay on the external interface... but port still results open... my goal would be to
have a "stealth" port 25...

No luck yet [:(]
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 JimmyM over 21 years ago in reply to ^-^Neko

You could try using the /sbin/init.d/ipfilter.local file.
Create a file > touch /sbin/init.d/ipfilter.local
and use joe or vi to add your own filter rule to the INPUT chain or AUTO_INPUT chain. Try one or the other and DROP traffic to the external interface for port 25.
Assuming your external interface is eth1...

iptables -I INPUT -i eth1 -p tcp --dport 25 -j DROP
iptables -I INPUT -i eth1 -p udp --dport 25 -j DROP

These should drop all port 25 traffic inbound on eth1.
Hope this helps.
Cancel
Vote Up 0 Vote Down

Cancel