• HW Firewall-user define rules help

    #464421

    I have a Westell VersaLink modem/router that has a firewall, and have had it set to the “highest” setting for over a year, with no problems.

    Recently I could not send mail (receive was fine), so through troubleshooting with my host, I changed the outgoing port to 587, per their suggestion. Still couldn’t send mail, until I lowered the FW to the lowest setting.

    There are settings for highest, medium, lowest, none, & custom. For the h, m, l settings, there is the ability to “edit”, which takes you to a window to see & edit the “user defined rules”. Here are the rules for the medium setting:
    [quote]
    [ Security Level Medium OUT rules ]

    begin
    # Protocol Match conditions
    RulesPass
    pass to port 80 >> done
    pass from port 80 >> done
    pass protocol udp, to port 53 >> done
    pass to port 20 >> done
    pass from port 20 >> done
    pass to port 21 >> done
    pass to port 23 >> done
    pass to port 110 >> done
    pass to port 119 >> done
    pass to port 143 >> done
    pass to port 220 >> done
    pass to port 25 >> done
    pass to port 443 >> done
    pass to port 500 >> done
    pass to port 587 >> done   (line I added)
    pass protocol 50 >> done
    pass protocol tcp, from addr %LANADDR% >> state, done

    # Failed to match
    RulesDropNETBIOS
    drop to port >= 135, to port > done, alert 4 [Dropping NETBIOS Traffic]
    RulesDrop
    drop all >> alert 1 [ Packet to be dropped unless Service enabled ]

    end
    [/quote]

    I tried adding the line marked above, hoping that would allow me to send mail, but that did not work either.

    Is there a “rule” that I could insert to allow sending mail, with a higher level for the FW?

    Viewing 3 reply threads
    • #1188825

      I don’t recognize this syntax. Have you found any documentation for how these rules work?

      The fact that the port 25 rule worked until it suddenly stopped working, and that the equivalent port 587 rule doesn’t work, points toward other issues. Does your firewall offer logging? You could do a send/receive and view both directions of the connections with the mail server to see whether there are any unexpected ports being used. If the firewall doesn’t do logging, you could use Wireshark (try to minimize other internet traffic during your capture or there’s a lot to sift/filter).

    • #1188887

      You can easily test the ports from your machine.
      1. Open a Command Prompt.
      2. Type: telnet mail.messaging.microsoft.com 25
         This will connect you to Microsoft’s mail server.
      3. Type: helo me.com
         You should see a response.
      4. Type: quit
      These commands test your ability to connect to mail servers on port 25.

      Next you need to test this with the SMTP server you use to send mail.
      To test port 587, replace the 25 with 587.

      cheers, Paul
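
    A scripted version of the telnet test above, added here as an example and not part of the original thread: it performs the same connect / 220 banner / HELO / 250 / QUIT exchange against a given host and port, and classifies what happens, which is handy for telling a port that is silently dropped by a firewall rule (timeout) apart from one where nothing is listening (refused). The function names, the use of the "me.com" HELO name from the post, and the small local stand-in mail server (constructed so the script runs without contacting a real host) are all assumptions of this example.

```python
import socket
import threading


def _read_reply(sock):
    """Read one complete SMTP reply (single- or multi-line) and return it as text.
    A reply is complete when its last line has a space after the 3-digit code;
    continuation lines use '-' instead (e.g. '250-SIZE 10240000')."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection mid-reply")
        data += chunk
        lines = data.split(b"\r\n")
        if len(lines) >= 2:
            last = lines[-2]  # last complete line received so far
            if len(last) == 3 or last[3:4] == b" ":
                return data.decode("latin-1")


def smtp_port_check(host, port, helo_name="me.com", timeout=5.0):
    """Reproduce the manual telnet test: connect, expect a 220 banner, send HELO,
    expect 250, then QUIT. 'status' is one of: ok, unexpected_banner,
    helo_rejected, refused, timeout, error."""
    result = {"host": host, "port": port, "status": "error", "banner": "", "helo_reply": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            banner = _read_reply(sock)
            result["banner"] = banner.strip()
            if not banner.startswith("220"):
                result["status"] = "unexpected_banner"
                return result
            sock.sendall(f"HELO {helo_name}\r\n".encode("ascii"))
            reply = _read_reply(sock)
            result["helo_reply"] = reply.strip()
            sock.sendall(b"QUIT\r\n")
            try:
                _read_reply(sock)  # 221 goodbye; ignore if the server just closes
            except OSError:
                pass
            result["status"] = "ok" if reply.startswith("250") else "helo_rejected"
    except socket.timeout:
        # No SYN-ACK and no RST within the timeout: this is what a silent
        # firewall "drop" rule on the path looks like from the client side.
        result["status"] = "timeout"
    except ConnectionRefusedError:
        # The host answered with a reset: reachable, but nothing accepting on that port.
        result["status"] = "refused"
    except OSError as exc:
        result["status"] = "error"
        result["detail"] = str(exc)
    return result


def compare_ports(host, ports=(25, 587), timeout=5.0):
    """Run the check against each candidate submission port; returns port -> status."""
    return {port: smtp_port_check(host, port, timeout=timeout)["status"] for port in ports}


def unused_local_port():
    """Pick a loopback port nobody is listening on (to demonstrate the 'refused' case)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def start_fake_smtp_server():
    """Constructed stand-in for a mail server: answers one connection with a 220
    banner, 250 to HELO and 221 to QUIT. Returns the loopback port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"220 fake.example.test ESMTP ready\r\n")
            buf = b""
            while True:
                chunk = conn.recv(1024)
                if not chunk:
                    break
                buf += chunk
                while b"\r\n" in buf:
                    line, buf = buf.split(b"\r\n", 1)
                    cmd = line.upper()
                    if cmd.startswith(b"HELO") or cmd.startswith(b"EHLO"):
                        conn.sendall(b"250 fake.example.test Hello\r\n")
                    elif cmd.startswith(b"QUIT"):
                        conn.sendall(b"221 Bye\r\n")
                        srv.close()
                        return
                    else:
                        conn.sendall(b"500 Command not recognised\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Offline demonstration against the constructed server; for a real check
    # call compare_ports("your.smtp.host") and read the per-port status.
    print(smtp_port_check("127.0.0.1", start_fake_smtp_server()))
    print(smtp_port_check("127.0.0.1", unused_local_port()))
```

    Run against the real outgoing mail host with the firewall at each level, a result of "timeout" on 25 but "ok" on 587 (or the reverse) localises the problem to the rule set rather than to the mail client or account settings.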

    • #1189109

      I couldn’t see anything in the FW log that offered any solutions, BUT, I got it to work by changing “pass to port 25” to “pass to port 587”. Before I just added a new line to port 587 which didn’t work. Here’s the user defined rule now:

      title [ Security Level High OUT rules ]

      begin
      # Protocol Match conditions
      RulesPass
      pass to port 80 >> done
      pass from port 80 >> done
      pass protocol udp, to port 53 >> state, done
      pass to port 20 >> done
      pass from port 20 >> done
      pass to port 21 >> done
      pass to port 110 >> done
      pass to port 119 >> done
      pass to port 143 >> done
      pass to port 220 >> done
      pass to port 587 >> done
      pass to port 443 >> done
      pass to port 500 >> done
      pass protocol 50 >> done
      pass protocol tcp, from addr %LANADDR% >> state, done

      # Failed to match
      RulesDrop
      drop all >> done, alert 4 [Unsupported High Application]

      end

      Mail is going both ways now with the highest FW settings…I like that!

      Question: Will eliminating “pass to port 25” cause other problems that don’t have to do with mail?

      Paul, I tried your tip using the command prompt…very cool trick!

      Thanks for the feedback!

    • #1189143

      Port 587 is the SMTP port of choice for ISPs who are trying to limit spam bots. Normal SMTP, including spam bots, uses port 25.

      cheers, Paul
