I'm too silly for the firewall :-(

T

ThomasH

Member
Jun 4, 2019
27
5
23
58
Hi there...

I am not a firewall-guru, can handle IPTABLES a little bit (as long as rules are not too complicated). I know how firewalls are working and that rules should have a special sequence and that a set should end with a "DROP" (if I am still wrong here, pls let me know).

I am using ISP-Config on my mailserver, which contains except ISP-Config via https on port 8080 no other Webpages.

I made a ruleset (see attachment) named "mailserver" and set it in the firewall-rules for the mailserver-vm.

When retrieving emails with Thunderbird it takes looooong time until I receive the new mails or until a mail is sent. If I switch off the firewall it just takes a few seconds and the communication mailclient <-> mailserver has been done.

I am using IMAPS (993), SMTP (25) and SMTPS (465), SSL-comminucation. Sometimes I need SSH (22). I followed the recommondation of ISP-Config ans opened the ports as recommended without the ports I definetely I know, that I don't need them.

Following "Rule 1" (the error is always sitting 50 cm in front of CPU) I am SURE! I am too silly to handle a Proxmox-Firewall... :(

I've read several documents, the manual... seems what I need is a function example to understand... :(

Can anyone help?

THANKS A LOT... and sorry for my sillyness...

Thomas
 

Attachments

  • firewall-rule-set.jpg
    firewall-rule-set.jpg
    59.1 KB · Views: 17
ThomasH said:
I am not a firewall-guru, can handle IPTABLES a little bit (as long as rules are not too complicated). I know how firewalls are working and that rules should have a special sequence and that a set should end with a "DROP" (if I am still wrong here, pls let me know).
Click to expand...

Not necessarily - if you yous "DROP" as policy (which is the default) all what is not explicitly allowed is DROPped.

ThomasH said:
I am using ISP-Config on my mailserver, which contains except ISP-Config via https on port 8080 no other Webpages.



I made a ruleset (see attachment) named "mailserver" and set it in the firewall-rules for the mailserver-vm.

When retrieving emails with Thunderbird it takes looooong time until I receive the new mails or until a mail is sent. If I switch off the firewall it just takes a few seconds and the communication mailclient <-> mailserver has been done.

I am using IMAPS (993), SMTP (25) and SMTPS (465), SSL-comminucation. Sometimes I need SSH (22). I followed the recommondation of ISP-Config ans opened the ports as recommended without the ports I definetely I know, that I don't need them.
Click to expand...


For analysis it has to be verified if there is any other port used too. From this apart: to specify the rule is only on step, another one is to assign these rules (which are defined as "security group") to the VM which contains the mailserver.

A comprehensive overview about firewall setting can be seen reading the files in /etc/pve/firewall
 
Hi,

sorry for delay, I had to solve some other problems... :)

Following a great tip on stackexchange it seems to solve my problem.

by using

Code: 
nmap -p 1-65535 <my public ip>

I was able to find all open ports. Then I configured the firewall adding all open ports (prot: tcp/udp, destPort: xy) it functions well. But using the macros seems not to function well.. why ever... :cool:

Thanks a lot
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back