Problems with dual wan and port forwarding

fricardo · Mar 23, 2007, 5:29 PM

Hello all,

I have this scenario:

WAN interface (DHCP)
–-----

\
---------| pfsense box |
---------| |------------> DMZ
/
/

OPT1 interface - WAN2 (Static)

I have a mail server with internal address in DMZ and I did a port forwarding to redirect the traffic going in the TCP/UDP port 25 at OPT1 interface. In this NIC I've set the external address of my mailserver and I redirect my SMTP traffic. Then, my mail server send messages normally but the messages don't arrive. I did some tests via dnsreport.com but they fail (don't get connection with the server). When I do the same configuration with the wan address the redirecting is successfull.

Any ideas to resolve this case?

Francisco Ricardo

dotdash · Mar 23, 2007, 6:38 PM

How are you testing via dnsreport unless you have an MX pointing to that IP? I would first try to telnet to port 25 from an outside location to the IP to verify. The setup seems valid (although you only need TCP for SMTP) Verify the alias IP is attached to the correct interface and the firewall rule is open on the OPT1 interface…

fricardo · Mar 23, 2007, 7:45 PM

thanks for you reply dotdash,

I've tested via dnsreport because I have a MX to the OPT1 address. Before, the mailserver was using the address, but now the server has an internal address with the external address in pfsense box doing port forward. I'm using port forward with the option of firewall rules creation marked.

I've tested with an telnet in the smtp port at OPT1 and got wrong. With the port forward in WAN interface …. success!

Very strange

I need more help ... please!

Francisco Ricardo

hoba · Mar 23, 2007, 7:48 PM

Show us your rules and forwards. I have the same setup like you at the office with 2 mx entries, one pointing to the wan, the other pointing to the optwan and it works fine.

fricardo · Mar 25, 2007, 12:56 PM

Hello hoba … thanks. My forward is here ....

WAN2 TCP/UDP 25 (SMTP) 100.100.100.46 25 (SMTP) E-mail mapping
(ext.: 200.241.xx.xxxx )

and the rules was created automatically by the pfsense.

At LAN interface:

TCP/UDP 100.100.100.46 * * 25 (SMTP) 200.241.xx.xxx NAT mail mapping

and at OPT2/WAN2 interface ....

TCP/UDP * * * 25 (SMTP) * NAT mail mapping

I´m waiting for more help.

Thanks,

Francisco Ricardo
Natal/RN - Brazil

hoba · Mar 26, 2007, 10:57 AM

Can you change your rules to only use tcp (portforwards as well as firewallrules)? Ther just was another thread where somone seemed to have a problem with tcp/udp rules. Maybe we have a bug hiding somewhere. Mailtraffic at port 25 (SMTP) is TCP only.

fricardo · Mar 27, 2007, 7:54 PM

Thanks hoba …

I´ll testing tomorrow and I´ll posting the results.

Francisco Ricardo

Natal-RN / Brazil

fricardo · Mar 28, 2007, 11:10 AM

Thanks for help hoba!!

The problem was resolved … I do SMTP port forward with TCP only and ... get right :). My MX registry is pointing to my OPT1 (WAN2) interface and now mail server is working correctly.

Francisco Ricardo
Natal/RN - Brazil

Problems with dual wan and port forwarding

WAN interface (DHCP) –----- \ ---------| pfsense box | ---------| |------------> DMZ / /

WAN interface (DHCP)
–-----

\
---------| pfsense box |
---------| |------------> DMZ
/
/