Email Client times out trying to reach mailserver in lan
-
@TomNick said in Email Client times out trying to reach mailserver in lan:
It is SSl/TLS 993 and 465. I tried with 2 clients (Windows) Thunderbird and Outlook. None of them worked.
They connect to what IP ?
The one of the mail server ?Where are your client ? On the pfSense WAN ? Show your NAT rule(s) and related firewall rules.
-
@Gertjan said in Email Client times out trying to reach mailserver in lan:
They connect to what IP ?
The one of the mail server ?Where are your client ? On the pfSense WAN ? Show your NAT rule(s) and related firewall rules.
@viragomann said in Email Client times out trying to reach mailserver in lan:
Maybe we get closer, however, if you give some details about your network.
Ok, WAN IP 37.27.xx.xx.xxx which is mail.mydomain goes to pfsense
NAT is:The aliases are:
The Windows Server is 192.168.21.103 and not able to connect via a client on that Windows server
Pfsense is 192.168.21.100
-
@TomNick
What give us concerns is that client and server are within the same subnet. So access from client to server should not pass pfSense at all.But just got an idea. I guess, your client uses your public FQDN?
This would explain, why packets go to pfSense.If so, you should add an host override for the FQDN to your local DNS. Assuming, you're using DNS Resolver on pfSense.
Otherwise you can enable NAT reflection in the port forwarding rule. -
This post is deleted! -
@viragomann said in Email Client times out trying to reach mailserver in lan:
If so, you should add an host override for the FQDN to your local DNS. Assuming, you're using DNS Resolver on pfSense.
Otherwise you can enable NAT reflection in the port forwarding rule.I tried all but no sucess. Maybe I did something wrong with the host override, here it is:
-
@TomNick
Possibly the public IP is still present in the clients DNS cache.
Try to flush it (ipconfig /flushdns) or reboot the machine. -
The NAT rules.
I still like to see the WAN firewall rules.
The (WAN) firewall rules contains packet counters, like these :so you can see right away if there was traffic from the Internet coming into the WAN interfaces that matches one of your WAN pass rules - these rules can be part of a NAT rule - as my third WAN firewall rule, as it NATs to a port on my syno disk-station, which is a pfSense LAN device.
So, again : your firewall rules ?
The port alias contains :
25,465, etc
So your the first NAT rules 'NATs' port 25.
Your third rules isn't needed and should be removed. -
@Gertjan said in Email Client times out trying to reach mailserver in lan:
So, again : your firewall rules ?
@Gertjan said in Email Client times out trying to reach mailserver in lan:
So your the first NAT rules 'NATs' port 25.
Your third rules isn't needed and should be removed.Done!
Ok, what I found out is, that if you call mail.mydomain from inside the windows client you get the pfsense cert. If you call mail.mydomain from outside your will get the letsencrypt cert which is correct.
-
@TomNick
The only possible reason for this is that your client resolves the host name to the public FQDN as already mentioned yesterday.If you're not able to get your local DNS to work properly, edit the port forwarding rule for the mailserver ports and enable NAT reflection.
-
@viragomann said in Email Client times out trying to reach mailserver in lan:
If you're not able to get your local DNS to work properly, edit the port forwarding rule for the mailserver ports and enable NAT reflection.
It is already enabled I guess. The NAT reflection gives me 4 options:
default NAT+Proxy Pure NAT Disable
Mine is on default, still not working
-
@viragomann 'It is working by setting "host override". Thanks a lot for your trouble and have a good weekend
-
@TomNick said in Email Client times out trying to reach mailserver in lan:
Mine is on default, still not working
"default" means "System default". If this is set in the NAT rule, the setting in System > Advanced > Firewall & NAT > NAT Reflection mode for port forwards is used.