Block Outbound Traffic


#1

Hi,

This process seems like it would be fairly straightforward, but I cannot get it to work. I am using a Peplink Balance 380 firmware version 5.4.7 build 2423.

What I am trying to accomplish is:

Block outbound traffic on SMTP Port 25 only for ALL Internal devices.

Then, allow SMTP Outbound traffic on Port 25 for one single internal IP only.

The reason, simple. Sometimes PCs get viruses that send outgoing emails. We need to prevent any emailing viruses from sending unauthorized spam on our network so our IP does not become blacklisted.

I can get blocking of all traffic on Port 25 to work just fine. I cannot, however, get my email server successfully communicating outbound emails while the network is blocked.

Thanks for any assistance provided,

Chad


#2

Hey Chad,

You can accomplish this with two outbound firewall rules. The first rule will allow the port 25 traffic from the specific IP, and the other rule will deny it from any IP.

Just make sure the allow rule is above the deny rule :)


#3

Tim,

Thanks for the reply. Unfortunately, it simply does not work. I have tried every conceivable combination of one rule before the other, and there is no way to get my Peplink 380 to block all traffic on one port for the internal network, but allow it for one IP. I have done everything and it still is not working.

Here is a screenshot of my two rules. The allow rule is listed as the very first rule in my list.



The block rule takes precedence, no matter what. No matter how I configure them. If by chance, the allow rule is working, then none of the IPs on my network are blocking outbound smtp port 25.

Chad


#4

I guess never mind. I figured a way around it by blocking subnets. Not ideal at all, but at least somewhat usable. This feature should be much more simple and friendly than this though. It’s a bit ridiculous to have to keep adding subnets for blocking.


#5

If you look at the two rules you can see that the block rule has “Any Port” for the source. The allow rule has the source port “25”, which is not correct, as it will be a random number due to the many-to-one NAT. Please give this a try again and only specify the destination port. This should be the case for all firewall rules.
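
The rule behaviour discussed in this thread, as an added example that is not part of the original posts and is not Peplink's rule engine: a first-match evaluator run against the misconfigured rule set (allow rule pinned to source port 25), the corrected one, and a set with the deny rule listed first. It assumes first-match evaluation with a default-allow outbound policy; all addresses and port numbers are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAIL_SERVER = "192.168.1.10"  # constructed address standing in for the mail server

@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # source network, default Any
    src_port: Optional[int] = None   # None means Any Port
    dst_port: Optional[int] = None   # None means Any Port

    def matches(self, src_ip, sport, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and self.src_port in (None, sport)
                and self.dst_port in (None, dport))

def evaluate(rules, src_ip, sport, dport, default="allow"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for rule in rules:
        if rule.matches(src_ip, sport, dport):
            return rule.action
    return default

DENY_SMTP = Rule("deny", dst_port=25)
# Misconfigured: allow rule pinned to source port 25, which a sending host never uses.
broken = [Rule("allow", src=MAIL_SERVER + "/32", src_port=25, dst_port=25), DENY_SMTP]
# Corrected: match on source IP and destination port only.
fixed = [Rule("allow", src=MAIL_SERVER + "/32", dst_port=25), DENY_SMTP]
# Ordering mistake: the deny rule listed first shadows the allow rule.
shadowed = [DENY_SMTP, fixed[0]]

def audit(rules):
    """Return (mail server SMTP, workstation SMTP, workstation HTTPS) verdicts."""
    return (evaluate(rules, MAIL_SERVER, 49152, 25),     # ephemeral source port
            evaluate(rules, "192.168.1.50", 50311, 25),  # constructed workstation
            evaluate(rules, "192.168.1.50", 50312, 443))

if __name__ == "__main__":
    for name, rules in (("broken", broken), ("fixed", fixed), ("shadowed", shadowed)):
        print(name, audit(rules))
```

Only the corrected set lets the mail server out on port 25 while every other internal host stays blocked.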


#6

I have been there and tried that. When I do configure the rules in that manner, the outbound blocks that were working no longer work. Everything is allowed out.


#7

For clarification, I have attached screenshots of how these two rules should be configured.




#8

I had tried this configuration before on 5.4.7 and it was not working. I just upgraded to 5.4.9 and tried it again. It is now working. Thank you.


#9

Thanks for the update Chad, glad it’s working now!


#10

Hey Guys,

Mails are incoming just fine, however everyone is stuck with emails in their outbox. Port 25 being blocked as I’ve read.

I’ve tried Ron’s configuration as posted, but this is not working. I’d like to allow all IPs on the network to send emails. Or do I need to get everyone’s individual IPs to allow them to send emails?

FIRMWARE : 5.4.6-- checked for update and seems to say to update available.

Thank you ever so much
Dane


#11

Sent this to confirm the settings


#12


#13

Hi Dane, your first step here would be to definitely update your firmware to the newest available for your device. The hardware revision may dictate which you can select. Please follow this link to proceed: https://www.peplink.com/support/downloads/archive/

-Jon Grote
Peplink Account Manager
Frontier Computer Corp.