I have one set of IP addresses for my WAN and another that I can use for my static public addresses. I will give an example using private IP addresses. Say that my WAN is 10.200.200.1/30 and my static addresses are 10.200.67.20/29, which are set up in proxy ARP. My problem is that the spammer scum sometimes get past my firewall by using private addresses such as 192.168.0.8, and, because the mail server is set to trust those addresses, they get past the filters. They are able to do that because the WAN address, which is set to block incoming private addresses, is not part of the static address block that includes the address used for incoming email. When I go to set up a new rule to block those private addresses, I have the problem that the only source I can choose is the WAN, so I cannot block them. I tried and it doesn't work. The mail server has a 1 to 1 NAT for the public IP it uses. Any way to block private IPs coming from the Internet to my mail server?