Firewall

  • Hi. I am trying to use the firewall of my OMV server to protect any incoming traffic. Most services seem to work fine apart from the outgoing OMV notification emails. I cannot get it to send emails when the firewall is switched on. As soon as I open all ports for in/out traffic, the emails work.

    Does anyone know what the issue is?


    Thanks for any pointers.

    OMV6 HP t630

    OMV6 Xeon / i5 - SCSI PC

    OMV6 on Raspberry Pi4

    OMV5 on ProLiant N54L (AMD)

    • Offizieller Beitrag

    I'm not sure of what you're attempting to set up. Are you trying to use OMV as a firewall / gateway with two nic's, or a sub-interface, or something else like that?

    In any case, depending on which type of account you're using, pop3 or imap, following are the port #'s that should be open depending on the e-mail account type. (Pop3 accounts send on smtp ports.)

    smtp open 25 or 26

    smtp with SSL 465

    imap open 143

    imap with SSL 993

    The above are the commonly used ports. ISP's and e-mail providers can and do use other ports.

  • I am just trying to protect any service that runs on the OMV server. So I am only using 1 NIC but any incoming requests to a service running on the OMV box should be filtered or blocked according to my rules.

    This works well but the OMV email notifications just dont go out although I have opened the ports 25, 26, 465, 143 and 993. They still need something else to be open apparently.

    Any ideas?

    OMV6 HP t630

    OMV6 Xeon / i5 - SCSI PC

    OMV6 on Raspberry Pi4

    OMV5 on ProLiant N54L (AMD)

    • Offizieller Beitrag

    There's a lot of variation in what e-mail providers do, to include using non-standard ports, but maybe there's a port combination in -> this that will help. If some combination of ports works in your case, please post it and who your e-mail provider is.

    Other than the above; unless you're exposing server ports (like 80, 443, etc.) by forwarding them, at your router, there's not much to worry about. OMV is pretty tight by default. If hacks get past your router, OMV is still relatively safe. It's windows clients that are the worry.

  • thanks - i will check the link above. The email provider I am using is Gmail.

    The OMV will sit inside a shared network infrastructure and I do not control the router security or the ports.

    I therefore need to firewall OMV.

    OMV6 HP t630

    OMV6 Xeon / i5 - SCSI PC

    OMV6 on Raspberry Pi4

    OMV5 on ProLiant N54L (AMD)

    • Offizieller Beitrag

    You could install the fail2ban plugin. It's available under OMVextras if you have that installed. It's designed to detect and, after a few attempts, to block brute force attacks and log it. I can also permanently ban offending IP's if set to do so. These abilities might be useful in your case.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!