- On OPNsense, go to Firewall → Rules → WAN 1 (or whatever the name of your interface is).
- Here is a list of ports used by iRedMail services – not all of them need to be opened.
  - Ports 80 and 443 for HAProxy (unless you have it set up already)
  - Port 25: required for mail server exchange.
  - Port 993 for IMAP over SSL
  - We will not need to open ports for SMTP since we will be using the relay by default. This is safer in case the public IP changes, as it ensures that mail can still be sent out.
- Firewall rules – go to Firewall → Rules → WAN 1 (or just WAN) and click on the + sign to make sure you have the following set up:
  - Rule 1: Port 80
    - Action: Pass
    - Interface: WAN
    - Direction: in
    - TCP/IP: IPv4
    - Protocol: TCP
    - Destination: This Firewall
    - Destination port range: from HTTP to HTTP
  - Rule 2: Port 443
    - Same as above, except that the port range is from HTTPS to HTTPS (or choose ‘other’ and manually type 443 in both boxes).
  - Rule 3: Port 25
    - Destination here is not ‘This Firewall’ but ‘LAN net’, since we will be forwarding it as a NAT rule to our mail server later.
    - Port range from SMTP to SMTP (or choose ‘other’ and manually type 25 in both boxes).
  - Rule 4: Port 993 (IMAPS)
    - As before, the Destination is not ‘This Firewall’ but ‘LAN net’.
    - Port range from IMAPS to IMAPS (or 993 to 993).
  - Rule 5: Port 465 (SMTPS)
    - As before, the Destination is not ‘This Firewall’ but ‘LAN net’.
    - Port range from SMTPS to SMTPS (or 465 to 465). Alternatively, you can use port 587 if you define it manually (then you must be consistent with the NAT rule and with how you connect your email client).
- Once done, remember to click on the ‘Apply Settings’ button for the changes to take effect before moving to the NAT rules.
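
To confirm that the WAN ruleset exposes exactly the five ports listed above and nothing broader, the rules can be audited from a configuration backup. The script below is an added example, not part of the original guide: the element names and the `(self)` / `lan` spellings for ‘This Firewall’ and ‘LAN net’ are assumptions about the exported config.xml layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Intended WAN exposure from the rule list above, as (destination, port).
# Assumption: config.xml stores 'This Firewall' as "(self)" and 'LAN net' as "lan".
EXPECTED = {("(self)", "80"), ("(self)", "443"),
            ("lan", "25"), ("lan", "993"), ("lan", "465")}

# Constructed sample: port 25 is opened to 'any' instead of 'LAN net',
# and a disabled rule for 587 is present (it must be ignored).
SAMPLE = """<opnsense><filter>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol><destination><network>(self)</network><port>80</port></destination></rule>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol><destination><network>(self)</network><port>443</port></destination></rule>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol><destination><any>1</any><port>25</port></destination></rule>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol><destination><network>lan</network><port>993</port></destination></rule>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol><destination><network>lan</network><port>465</port></destination></rule>
<rule><disabled>1</disabled><type>pass</type><interface>wan</interface><protocol>tcp</protocol><destination><network>lan</network><port>587</port></destination></rule>
</filter></opnsense>"""

def wan_pass_rules(xml_text):
    """Return {(destination, port)} for enabled TCP pass rules on the WAN interface."""
    found = set()
    for rule in ET.fromstring(xml_text).iter("rule"):
        if rule.findtext("type") != "pass" or rule.findtext("interface") != "wan":
            continue
        if rule.find("disabled") is not None or rule.findtext("protocol") != "tcp":
            continue
        dest = rule.find("destination")
        if dest is None:
            continue
        if dest.find("any") is not None:
            target = "any"  # broader than either destination used in this guide
        else:
            target = dest.findtext("network") or dest.findtext("address") or "?"
        found.add((target, dest.findtext("port") or "any"))
    return found

def audit(xml_text):
    """Compare the WAN pass rules with the intended set and report the differences."""
    found = wan_pass_rules(xml_text)
    return {"missing": sorted(EXPECTED - found),
            "unexpected": sorted(found - EXPECTED)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

If you chose port 587 instead of 465, change the entry in `EXPECTED` to match before running the audit on your own backup.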