[SOLVED] How do I single out one NAT'd address to appear as it's own WAN ip?
-
I apologize for not knowing the proper terminology here but this is a first for me. Our mail server has now been moved behind our pfsense and everything is running just fine… except for a relative small portion of email servers who are rejecting outbound mail from us because the reverse pointer in DNS isn't matching up.
I completely understand why this should be the norm but am unsure how to get to that point. Right now, all of our NAT'd addresses from the private LAN that the servers live on use a single outbound IP address in one of our public pools that is assigned to one of our WAN ports. I also have several 1:1 NAT rules that allow other IPs on the same class C to be answered for.
The question here is how do I get this specific server to appear as a specific public IP address that isn't the actual WAN IP when it goes out of our network?
Thanks for pointers!
-dtk
-
Go to NAT, Outbound. (If you are not using advanced outbound NAT, change and save.)
Make a rule on the WAN with the ip of the mail server/32 as the source and the NAT and the NAT address the public IP you want it to use. Move this rule before the auto-created LAN-WAN rule. -
Your showing your paygrade! ;D ;D
Thats because your reverse DNS does not match your servers "Banner" or welcome message.. We bounce people for that as well.
use mxtoolbox.com and do an smtp test on your server.
If your behind a dynamic address then you will continue to have problems.
Otherwise you can-
1.attempt to get your ISP to change your reverse dns to match your servers banner or
2.change your servers banner to match your reverse dns.
This is not a pfSense problem.
If you are determined to run your own email server Id recommend you either hire an outside firm to help you get it set up properly or take a crash coarse in email. :) There are many aspects of running an email server that can cause you to pull your hair out that are not readily apparent. One misconfiguration and your an open relay. Just wait when you try and come back from that!
-
Go to NAT, Outbound. (If you are not using advanced outbound NAT, change and save.)
Make a rule on the WAN with the ip of the mail server/32 as the source and the NAT and the NAT address the public IP you want it to use. Move this rule before the auto-created LAN-WAN rule.Thanks… I forgot to mention that I was already using 1:1 and IP aliases. My problem was that the incoming IP was on one WAN and the server was assigned the other WAN as it's outgoing gateway and therefor was using an improper IP. I added an alias to the server on the other WAN and now it is using the proper reverse.
Your showing your paygrade! ;D ;D
Thats because your reverse DNS does not match your servers "Banner" or welcome message.. We bounce people for that as well.
use mxtoolbox.com and do an smtp test on your server.
If your behind a dynamic address then you will continue to have problems.
Otherwise you can-
1.attempt to get your ISP to change your reverse dns to match your servers banner or
2.change your servers banner to match your reverse dns.
This is not a pfSense problem.
If you are determined to run your own email server Id recommend you either hire an outside firm to help you get it set up properly or take a crash coarse in email. :) There are many aspects of running an email server that can cause you to pull your hair out that are not readily apparent. One misconfiguration and your an open relay. Just wait when you try and come back from that!
As for this… I wont get into an argument about mail server setup and which rules and guidelines who follows. You hacked around and got to me after I put my temporary fix into place. I handle the reverse and forward DNS for my domains and IPs. I handle the email server as well. mxtoolbox is reporting no errors or warnings for my mail domain and the one provider who was rejecting mail is now processing.
Thanks all!