Netgate Discussion Forum

    Problem forwarding public IP from interface connected via cross-cable to server

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • S Offline
      sinja
      last edited by

      Hi, thanks in advance,

      pfSense version:
      2.0-BETA5  (i386)
      built on Fri Feb 18 05:24:52 EST 2011

      It has three interfaces: rl0, rl1 & rl2.
      rl0 is WAN with a public IP connected to the router, and the GW is the public IP of the router interface.
      rl1 is LAN (Internet connection is working).

      rl2 (MAIL) has a public IP and is connected to the mail server, which has a public IP, via a crossover cable.

      How do I create rules so that the mail server can be accessed from the Internet and the LAN?

      • Outbound NAT is set to manual. There is no NATing on the rl2 (mail) interface.

      • The firewall rules created are:
        * allow any to mailserver-ip from LAN and WAN
        * allow mailserver-ip to any from the rl2 (mail) interface.

      What GW should I put on the rl2 (mail) interface?

      thanks and kind regards.

      • G Offline
        Gloom
        last edited by

        Not sure your setup will work.
        The usual way to do this is to add the IP address you have assigned to rl2 as a virtual IP address to the public interface rl0, then set up an RFC 1918 DMZ subnet off of rl2 hosting your mail, web, etc.
        You then can either set up port forwarding (25 for SMTP, 110 for POP3) through to the mail server in the DMZ. If all you intend to have is the one server then a 1:1 NAT will do the job. Just add the rules to allow access on the required ports for both the WAN and LAN interfaces or allow pfSense to create them at the same time as the NAT/port forwarding is created.

        I should also have said that allowing any traffic on any port through to your mail server is a very bad idea.

        Never underestimate the power of human stupidity
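
The layout suggested in the reply above, written out as a plain pf.conf fragment. This is an added example, not configuration posted by either participant and not output generated by pfSense. All addresses are constructed (documentation and RFC 1918 ranges), and the rule for traffic leaving the mail server mirrors the second rule in the original question.

```pf
# --- Macros (addresses are constructed placeholders, not from the thread) ---
wan_if     = "rl0"
lan_if     = "rl1"
dmz_if     = "rl2"
mail_pub   = "203.0.113.10"    # public IP held as a virtual IP on rl0 (assumed)
mail_dmz   = "192.168.50.10"   # mail server's RFC 1918 address behind rl2 (assumed)
mail_ports = "{ 25, 110 }"     # SMTP and POP3, the ports named in the reply

# --- Translation (evaluated before the filter rules) ---
# Outbound: the mail server's own connections leave with its public address.
nat on $wan_if from $mail_dmz to any -> $mail_pub

# Inbound port forward: only the mail ports arriving at the virtual IP are
# redirected; the destination port is kept as-is.
rdr on $wan_if proto tcp from any to $mail_pub port $mail_ports -> $mail_dmz

# 1:1 NAT alternative for a single server (use instead of the nat + rdr pair):
# binat on $wan_if from $mail_dmz to any -> $mail_pub
# The filter rules below still decide which ports are reachable.

# --- Filtering ---
block in log all
pass out all keep state

# Too broad: the equivalent of "allow any to mailserver-ip", which exposes
# every port on the server to WAN and LAN.
# pass in quick on { $wan_if, $lan_if } from any to $mail_dmz keep state

# Restricted: WAN and LAN may reach the server on SMTP and POP3 only.
# The filter sees the translated (private) destination address.
pass in quick on { $wan_if, $lan_if } proto tcp from any to $mail_dmz \
    port $mail_ports flags S/SA keep state

# Traffic originating from the mail server on the DMZ interface.
pass in quick on $dmz_if from $mail_dmz to any keep state
```

With this layout LAN clients reach the server at its DMZ address; reaching it from the LAN through the public address would need an additional redirect on the LAN interface.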
