Here’s my updated setup.
VS (all Eth0-Any)
UDP 5000-5100, 10000-20000 192.168.1.4:5000-5100, 10000-20000 (VOIP)
TCP 1022, 1443 – 192.168.1.4:22, 443 (VOIP PBX SETUP)
TCP 25 – 192.168.1.2:25 (EXCHANGE EMAIL I/O)
TCP 443 – 192.168.1.2:443 (EXCHANGE WEBMAIL)
INPUT ACCEPT 1,2,3-ACCEPT Eth1 :22, 443, all, 6-DROP Eth0 all
FORWARD ACCEPT 1-ACCEPT all
OUTPUT ACCEPT 1-ACCEPT all
My confusion was, I wanted to enter the IP of our email provider service so only they can access our port 25, but I put it in VS – Interface IP, ~oops.
So this should be in a firewall rule? Do I still use the VS rule?
ie. Input 4-ACCEPT Eth0 source209.x.x.x:25 (email-spam service IP)
Not sure if it’s a good idea, or will work, to limit port range to RTP?
Input 5-ACCEPT Eth0 dest192.168.1.4:10000-20000 L7:RTP
I would like to be able to enable web access to https GUIs on WAN ports other than 443. Will my 2nd VS rule work? Also, you indicated it would be different for the ZS, how is that done?
THANKS FOR ALL YOUR HELP!