Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software
=== Lesson 2: Setting Up pfSense Firewall Rules for a Mail Server ===

<span id="understanding-nat-vs.-firewall-rules"></span>
===== Understanding NAT vs. Firewall Rules =====

Let’s understand the two types of rules you need to set up in '''pfSense''':

<span id="nat-network-address-translation"></span>
===== NAT (Network Address Translation) =====

NAT determines ''where'' traffic goes. Here’s why it matters:

* Your network has one public IP that the world sees
* But you might have 200+ computers internally
* When someone sends you an email, NAT tells the router ''“traffic on port 25 goes to the mail server, port 80 goes to the web server”'' etc.

Think of NAT like a restaurant host - they decide which table gets which customers.

<span id="firewall-rules"></span>
===== Firewall Rules =====

Firewall rules determine if traffic is ''allowed'' to pass. After NAT directs traffic to a computer, firewall rules decide if it gets through.

Think of firewall rules like the bouncer - they decide if you get in at all.

<span id="practical-application"></span>
===== Practical Application =====

'''NAT port forward''' is when the router sees an email coming in on port 25 to my Spectrum internet address, and sends that email to our mail server on port 25.

Once NAT has sent that email to my mail server on port 25, the '''firewall rule''' is what '''allows''' that traffic to access port 25 on our mail server.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxdmy_tmp_1f1b2c6a.png
File:lu55028jxdmy_tmp_31037c49.png
File:lu55028jxdmy_tmp_8d77cc05.png
File:lu55028jxdmy_tmp_54c8a9f1.png
File:lu55028jxdmy_tmp_17e7dded.png
File:lu55028jxdmy_tmp_cc025f84.png
</gallery>

<span id="setting-up-mail-server-port-forwarding-so-you-receive-emails"></span>
==== Setting Up Mail Server Port Forwarding so you Receive emails: ====

A “mail client” is a program you use to read & send your email from the mail server (the mailcow machine we are setting up). Examples are k9 mail, Microsoft Outlook, Mozilla Thunderbird, etc., or just using the web interface.

If you are going to use the mail server while connected to the VPN, '''''THIS IS THE ONLY RULE YOU NEED TO ADD!'''''

This is for '''receiving email.''' This port '''''must''''' be opened to the public.

<span id="create-nat-rule"></span>
===== Create NAT Rule =====

# Access '''pfSense''' at <code>https://192.168.5.1</code>
# Go to '''Firewall → NAT'''
# Under the '''Port Forward''' tab, click '''Add'''
# Configure the following:
#* '''Interface''': WAN (incoming traffic)
#* '''Protocol''': TCP
#* '''Source''': Any ''(you can’t predict which mail servers will email you)''
#* '''Destination''': WAN address
#* '''Destination Port Range''': 25
#* '''Redirect Target IP''': Your mail server IP (here in our example it’s <code>192.168.5.3</code>)
#* '''Redirect Target Port''': 25
#* '''Description''': “Receive Emails”
# '''Important''': Check “Add associated filter rule”
# Click '''Save'''
# Click '''Apply Changes'''

'''Critical Note''': Port 25 MUST be open or you’ll never receive email. This is non-negotiable for a mail server.

<blockquote>'''NOTE:''' When setting up port forwarding for a mail server, make sure that your ISP isn’t blocking it to stop spam. Yours might. It’s not unheard of with residential internet providers. You are paying for a residential connection, not a business one, and they’ll [https://www.youtube.com/watch?v=izXnCkrfjO0 remind you of it any way they can] (actually, they’ll do that even when you pay $409.99/mo for the business one).
</blockquote>

<span id="step-6-add-pfsense-firewall-rules-for-real"></span>
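
To confirm that the port 25 forward and its associated filter rule work, and that your ISP is not blocking the port, you can probe your public address from a machine outside your network. The script below is an added example, not part of the original guide; the function name <code>classify_smtp_port</code> and the command-line usage are assumptions made for illustration.

```python
import socket
import sys


def classify_smtp_port(host, port=25, timeout=5.0):
    """Try one TCP connection to an SMTP listener and return (status, detail).

    status is one of:
      "open"     - connected and received a 220 greeting: the NAT port forward
                   and the associated filter rule both work
      "no-smtp"  - connected, but the peer did not greet like a mail server
                   (wrong Redirect Target IP/port, or mail service not running)
      "refused"  - connection actively rejected: the packet arrived, but
                   nothing is listening or a rule rejects it
      "filtered" - no reply before the timeout: dropped on the way (ISP block,
                   missing port forward, or missing filter rule)
      "error"    - anything else, e.g. the hostname does not resolve
    """
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "filtered", ""
    except OSError as exc:
        return "error", str(exc)

    with conn:
        try:
            # SMTP servers speak first, so just wait for the greeting line.
            banner = conn.recv(512).decode("ascii", errors="replace").strip()
        except OSError:
            banner = ""

    if banner.startswith("220"):
        return "open", banner
    return "no-smtp", banner


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_port25.py <your-public-ip-or-hostname>")
    status, detail = classify_smtp_port(sys.argv[1])
    print(f"{sys.argv[1]}:25 -> {status} {detail}")
```

Run it from outside your LAN (for example over a phone hotspot), because a test from inside only succeeds if NAT reflection is enabled. Some networks also block outbound port 25, so a "filtered" result is worth repeating from a second vantage point before blaming your own ISP.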