Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Error Sending Email: Network is unreachable

    Scheduled Pinned Locked Moved Routing and Multi WAN
    15 Posts 3 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      cpk
      last edited by

      Not with this version.  I have a bonded T1 Internet connection which never goes down and a Cable Internet that fails from time to time (until you reset the cable modem).  In general, this has been working fairly well since 2.1.5 came out.  The log entries I posted were the last two in the Gateways section.  We had some Cable outages on April 10 but were good through most of March.

      1 Reply Last reply Reply Quote 0
      • KOMK Offline
        KOM
        last edited by

        Are you on a static public IP or does your ISP like to change it up regularly?

        1 Reply Last reply Reply Quote 0
        • C Offline
          cpk
          last edited by

          We have static IPs from our ISPs.

          1 Reply Last reply Reply Quote 0
          • KOMK Offline
            KOM
            last edited by

            Check Status - RRD Graphs - Quality around the times you get the errors to see if there is an issue with your link.

            1 Reply Last reply Reply Quote 0
            • C Offline
              cpk
              last edited by

              I don't see any breaks in the graphs.

              What I'm hoping to get here are some theories of what might be happening and some ideas of how to prove or disprove those theories (even if it's something to look at the next time the problem occurs).

              I looked for similar problems online, and this was the closest I could find:
              http://www.reddit.com/r/networking/comments/15qowe/pfsense_routing_issues/
              Unfortunately, it doesn't explain anything about why the problem happened or why the fix worked.

              1 Reply Last reply Reply Quote 0
              • KOMK Offline
                KOM
                last edited by

                I've seen cases like this where the ISP changes your IP address and pfSense doesn't pick up the change until reboot, but that isn't the case here.

                1 Reply Last reply Reply Quote 0
                • C Offline
                  cpk
                  last edited by

                  I've disabled snort for now, so the system log goes back days instead of minutes.  That will allow me to view the system log when this problem occurs again.

                  I was working with the impression that some email was still working while other email was not.  Turns out that this is not the case (at least not on April 14).  All SMTP connections from our mail server to servers outside our network failed with "Network is unreachable".

                  I am also working with the impression that other Internet traffic is still working when this happens.  I have verified this by checking a web server log that shows we were receiving web traffic.  I can also confirm that inbound SMTP was working to our mail filter at that time.

                  If you can think of anything else I should check or test, please let me know.

                  1 Reply Last reply Reply Quote 0
                  • KOMK Offline
                    KOM
                    last edited by

                    If everything was working except for one server having a problem outbound only, then I would likely focus on that one server.  It doesn't sound like a global problem with pfSense.  Do you have any outbound NAT rules to translate your mailserver IP to a public one that matches your mail certificate or something like that?  Anything funny in the system log of the mail server when it has this problem?  When it has the problem, can you manually do anything on the box or go anywhere?

                    1 Reply Last reply Reply Quote 0
                    • C Offline
                      cpk
                      last edited by

                      No, there's nothing of interest in the mail server system log.

                      Yes I have NAT rules.  I use 1:1 NAT for each public-facing machine.

                      The next time I have a problem, I'll try to access the Internet from the mail server (likely just use a browser to visit google.com).

                      1 Reply Last reply Reply Quote 0
                      • P Offline
                        phil.davis
                        last edited by

                        It could be an issue with the mail server not being able to get DNS resolution (for whatever reason). The message "(connect to … Network is unreachable)" might come out when the name of the remote target system cannot be resolved (as well as when the name to IP is resolved but the remote system is actually not reachable). Perhaps it is just names of other mail servers that cannot be resolved, which would be a reason for it to effect the mail server but for other users/clients to be happily working away on the internet.

                        When the problem happens again, try various different sites - other mail servers and regular web sites.

                        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                        1 Reply Last reply Reply Quote 0
                        • C Offline
                          cpk
                          last edited by

                          The problem happened again, so here's what I was able to test/determine:

                          • Once the problem happens, no email goes out to the Internet from that computer (several different servers were attempted)

                          • DNS lookups work

                          • From that computer I cannot ping google.com (which works typically)

                          • From that computer, I can access the Internet using a web browser – I suspect because I have ports 80 and 443 load balanced with a different Internet connection.

                          • I did not see anything unusual in the mail server's mail.log

                          • I did not see anything unusual in the mail server's system.log

                          • I hadn't mentioned before that networking internally to that server works as normal.

                          It feels like pfSense receives the packet for SMTP connection and doesn't know what to do with it.  One thing I forgot to test was SMTP connection from another computer on the same network ( something like this: telnet aspmx.l.google.com 25 ).  I'll try that next time.

                          Is there any way to determine how pfSense is routing a connection?

                          Any other suggestions?

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.