2.0.1 1-1 NAT presenting external interface rather than real IP
-
Since i've upgraded to 2.0.1, the 1-1 NAT that was used for email no longer presents the real IP of the user that is sending the email.
Instead the mail server sees the external IP of the pfsense box instead, and with the mail server blocking connections based on where a user connects from it no longer works correctly.
I've currently had to quickly revert to another gateway to nat correctly.
If i setup a PAT it also does the same thing.
Any suggestions?
Thanks
-
Can you see if both servers has the same outbound nat settings?
-
Upgraded from what version? 1:1 hasn't changed in a long time and works fine, not much to it. The host can get out but goes out on the wrong IP? Check the NAT translation in Diag>States. 1:1 overrides any matching outbound NAT.
-
Upgraded from 2.0.0 release x32
Removed all packages which included snort, squid, darkstat and the pfsense box is back behaving as it should showing the real ip. Not sure why or if it will happen again but it's working.
Very strange indeed.
Thanks
-
If your mail app is a webmail then squid package with transparent proxy could be your 'problem'
-
Have encountered this same issue since upgrading from 2.0 release to 2.0.1 release. were you able to figure out a resolution to this? clearly something did change.
-
someone who's seeing that, please email me a backup of your config with a link to this thread. cmb at pfsense dot org
-
Personally i removed the packages mentioned and that fixed the problem.
I can only assume it was something to do with squid and a failed package upgrade (even though this said it was fine) as this is the only package which could do this reverse proxying.
To confirm this was with all ports not just smtp (25) our webserver also showed connections as coming from the external interface.
