Netgate Discussion Forum
    Problems with mail server

    General pfSense Questions
      wallabybob

      @jim.thornton:

      I have the following NAT Port Forwards setup:

      
      WAN  TCP  *  *  WAN address  80 (HTTP)     192.168.2.50  80 (HTTP)     Webmail
      WAN  TCP  *  *  WAN address  25 (SMTP)     192.168.2.50  25 (SMTP)     Mail SMTP
      WAN  TCP  *  *  WAN address  995 (POP3/S)  192.168.2.50  995 (POP3/S)  Mail POP3S
      WAN  TCP  *  *  WAN address  53 (DNS)      192.168.2.50  53 (DNS)      DNS
      
      

      I don't have enough information about what you are doing. Suppose you are attempting a web access to mail.redcarpetfinancial.ca from a system on your pfSense LAN interface and whatever DNS you are using translates mail.redcarpetfinancial.ca to your external IP. Your system sends that access attempt to pfSense where it arrives on the LAN interface where it doesn't match the port forwards you have set up (because it didn't arrive on the WAN interface) but it does match a pfSense IP address so it goes to the pfSense web server.

      Suppose you have set up the port forwards but not reset the firewall states. An access attempt from the internet might not match the port forwards because the firewall states haven't been reset. See Diagnostics -> States, click on Reset States tab for more information.

        jim.thornton

        I haven't recently set those rules…  They have been running for quite some time and I have rebooted the box since setting up those rules.

        I don't know a whole lot about networking, so please excuse my ignorance.

        I have set up an internal DNS server on 192.168.2.50 so that the Zimbra install will work.  None of my other computers on the LAN use this as the DNS server.

        This error message comes up whether I go to the domain from my laptop within the network or via wireless broadband tethering to my cell phone (wifi turned off).

        Not really sure how to troubleshoot this so if you can dumb it down a bit and let me know where to go from start to finish, that would be great!

          wallabybob

          @jim.thornton:

          Not really sure how to troubleshoot this so if you can dumb it down a bit and let me know where to go from start to finish, that would be great!

          Dumbing down is not as easy as it might seem, but let's try.

          Let's start with the access from your laptop through the pfSense LAN interface. What is the laptop's gateway and name server? And what OS does it run?

            jim.thornton

            My laptop is running Windows 7 (32-bit)
            ip: 192.168.1.3 (DHCP)
            gateway:  192.168.1.1
            DNS:  192.168.1.1

            ** If it is easier for you to look rather than post on the boards, I can set you up with access.

              wallabybob

              OK, so pfSense LAN interface has IP address 192.168.1.1? and you have DNS forwarder enabled on pfSense? And ping mail.redcarpetfinancial.ca on the laptop says it is going to 206.248.167.232?

                jim.thornton

                Using dig and other tools, mail.redcarpetfinancial.com is pointing to the external IP address:  206.248.167.232

                  wallabybob

                  @jim.thornton:

                  Using dig and other tools, mail.redcarpetfinancial.com is pointing to the external IP address:  206.248.167.232

                  Looks like I dumbed down too much technically but not enough in attention span - you answered only one of my last three questions.  :)

                    jim.thornton

                    Sorry…  DNS Forwarder is ENABLED and the other two boxes are UNCHECKED.

                    I don't know how to check the pfSense LAN interface (I don't think).  I went into the SSH shell for pfSense and there are 6 interfaces.  The LAN interface is 192.168.1.1 if that is what you are asking.

                      wallabybob

                      OK, so you should add a DNS forwarder override for mail.redcarpetfinancial.com so that from your private network you access it via its private IP address:

                      Go to Services -> DNS Forwarder, scroll down to the table with headings Host, Domain, IP, Description, click on the "+" button on the right and add an override entry for host mail on domain redcarpetfinancial.com with IP address 192.168.2.50 and some useful (to you) description. Click on the save button.

                      Then go back to your Windows laptop and attempt to ping mail.redcarpetfinancial.com. If the IP address is not the private IP address wait a few seconds (for the laptop's DNS cache entry to time out) and repeat if necessary (it shouldn't be necessary to repeat this more than a few times). Then try your web access by hostname.

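The behaviour described in the replies above (forwards bound to WAN do not apply to requests arriving on LAN, and a DNS Forwarder host override sends LAN clients to the private address) as a small Python model. This is an added example, not part of the thread; it assumes NAT reflection is off and the LAN rules allow traffic to 192.168.2.50, and its function names are made up for illustration.

```python
from dataclasses import dataclass

# Addresses and hostname as they appear in the thread.
MAIL_NAME = "mail.redcarpetfinancial.ca"
WAN_IP = "206.248.167.232"
LAN_IP = "192.168.1.1"
MAIL_HOST = "192.168.2.50"
FIREWALL_ADDRESSES = {WAN_IP, LAN_IP}
PUBLIC_DNS = {MAIL_NAME: WAN_IP}  # what outside resolvers return


@dataclass(frozen=True)
class PortForward:
    interface: str  # a forward only applies to traffic entering here
    dest_ip: str
    port: int
    target_ip: str


# The four forwards from the first post, all bound to WAN.
FORWARDS = [PortForward("WAN", WAN_IP, p, MAIL_HOST) for p in (80, 25, 995, 53)]


def deliver(in_interface, dest_ip, port):
    """Simplified model: say who answers a new TCP connection."""
    for rule in FORWARDS:
        if (rule.interface, rule.dest_ip, rule.port) == (in_interface, dest_ip, port):
            return f"forwarded to {rule.target_ip}:{port}"
    if dest_ip in FIREWALL_ADDRESSES:
        # No forward matched and the address belongs to the firewall.
        return "pfSense itself"
    return f"routed to {dest_ip}:{port}"


def resolve(name, host_overrides):
    """DNS Forwarder model: a host override wins over the public answer."""
    return host_overrides.get(name, PUBLIC_DNS[name])


def lan_web_access(host_overrides):
    """Port 80 request from a LAN client that uses pfSense for DNS."""
    return deliver("LAN", resolve(MAIL_NAME, host_overrides), 80)


def internet_web_access():
    """Port 80 request from outside, arriving on WAN."""
    return deliver("WAN", PUBLIC_DNS[MAIL_NAME], 80)


if __name__ == "__main__":
    print("LAN, no override:  ", lan_web_access({}))
    print("LAN, with override:", lan_web_access({MAIL_NAME: MAIL_HOST}))
    print("Internet:          ", internet_web_access())
```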
                        jim.thornton

                        I did as you suggested and when I went to ping redcarpetfinancial.ca it worked but when I pinged mail.redcarpetfinancial.ca it still went to the external IP.

                          jim.thornton

                          I spoke too soon.  It now resolves to 192.168.2.50

                            wallabybob

                            OK, so your access from LAN now works OK?

                            Let's try access from the internet. With your laptop disconnected from the LAN (to force access over wireless broadband) what IP address is accessed if you ping mail.redcarpetfinancial.ca? What happens with a web access to mail.redcarpetfinancial.ca?

                              jim.thornton

                              Okay…  I turned off my NIC and tethered my phone to my laptop forcing wireless broadband.

                              I tried pinging mail.redcarpetfinancial.ca and it was trying to resolve to my external IP address but it timed out.

                              I then tried in my normal (Firefox) browser to go to mail.redcarpetfinancial.ca and it automatically redirected to the pfSense PORT (mail.redcarpetfinancial.ca:PORT) and it gave me the re-binding attack error message again.

                              I wasn't sure if this is Firefox, for some reason, redirecting so I tried in IE as well.  It took a while but connected to my Zimbra machine.

                                jim.thornton

                                AWESOME!  I just cleared my Firefox cache and it worked there as well.

                                Thank you!!!
