-2

I have a MikroTik. Our Exchange mail server IP is 192.168.200.3. I wanted to block all inbound and outbound traffic by blocking all ports except the mail ports on this IP.

I wrote these filters in the firewall:

# ppoe is the internet-facing interface
add chain=forward src-address=192.168.200.3 protocol=tcp src-port=!25,443,465,587,2525 out-interface=ppoe action=drop
add chain=forward dst-address=192.168.200.3 protocol=tcp dst-port=!25,443,465,587,2525,717 in-interface=ppoe action=drop

After applying these filters, I can receive mail from outside the network but I couldn't send any mail. When I look at the Exchange server Toolbox Queue, there is a Winsock error 10051 on port 25.

What should I do to fix this?

Mostafa AHmadi

1 Answer

-1

I asked on different sites and asked different people, so I figured out how to do that and want to share it here.

When sending mail to the outside, the source port is some random number. If I drop everything except your few selected ports, it can't work. I need to allow traffic from 192.168.200.3: to :25

So I changed:

add chain=forward src-address=192.168.200.3 protocol=tcp src-port=!25,443,465,587,2525 out-interface=ppoe action=drop

To

add chain=forward dst-address=192.168.200.3 protocol=tcp src-port=25,443,465,587,2525 in-interface=ppoe action=accept

And it works.

Mostafa AHmadi
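
An added example (not part of the original post): a small Python model of first-match filtering that runs the question's rules and the answer's rules over constructed packets, showing which flows each ruleset drops or admits. The remote host 203.0.113.10, the ports 50000, 40000 and 8080, and the STATEFUL ruleset (matching on connection state and destination port) are assumptions made for comparison.

```python
from collections import namedtuple

# iface is the WAN-side direction ("in"/"out"); state is the conntrack state.
Pkt = namedtuple("Pkt", "src sport dst dport iface state")
SRV, PEER = "192.168.200.3", "203.0.113.10"   # PEER is a constructed remote host
MAIL = {25, 443, 465, 587, 2525}

def matches(match, p):
    for key, want in match.items():
        if key in ("sport", "dport"):
            negate, ports = want              # (True, ports) models "!ports"
            if (getattr(p, key) in ports) == negate:
                return False
        elif getattr(p, key) != want:
            return False
    return True

def verdict(rules, p):
    for action, match in rules:               # first matching rule wins
        if matches(match, p):
            return action
    return "accept"                           # nothing matched: chain default

Q_OUT = ("drop", dict(src=SRV, sport=(True, MAIL), iface="out"))
Q_IN = ("drop", dict(dst=SRV, dport=(True, MAIL | {717}), iface="in"))
A_IN = ("accept", dict(dst=SRV, sport=(False, MAIL), iface="in"))
QUESTION, ANSWER = [Q_OUT, Q_IN], [A_IN, Q_IN]
STATEFUL = [                                  # assumed alternative, not from the page
    ("accept", dict(state="established")),
    ("accept", dict(dst=SRV, dport=(False, MAIL | {717}), iface="in")),
    ("accept", dict(src=SRV, dport=(False, MAIL), iface="out")),
    ("drop", dict(dst=SRV, iface="in")),
    ("drop", dict(src=SRV, iface="out")),
]

FLOWS = {                                     # constructed sample packets
    "send_syn": Pkt(SRV, 50000, PEER, 25, "out", "new"),
    "send_reply": Pkt(PEER, 25, SRV, 50000, "in", "established"),
    "recv_syn": Pkt(PEER, 40000, SRV, 25, "in", "new"),
    "recv_reply": Pkt(SRV, 25, PEER, 40000, "out", "established"),
    "stray_in": Pkt(PEER, 25, SRV, 8080, "in", "new"),  # non-mail dst port
}

def audit(rules):
    return {name: verdict(rules, p) for name, p in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in [("question", QUESTION), ("answer", ANSWER), ("stateful", STATEFUL)]:
        print(label, audit(rules))
```

The question's rules drop both the outbound SMTP packet and its reply because neither uses a listed port on the server side; the answer's source-port accept lets mail flow but also admits an inbound packet to port 8080, which the connection-state variant drops.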