Netgate Discussion Forum

    Dual WAN for email servers?

    Routing and Multi WAN
    13 Posts 2 Posters 2.4k Views
    • K Offline
      killmasta93
      last edited by

      Thanks for the reply,

      So quick question: on the WAN2 (for only users to navigate) the IPv4 upstream gateway I would leave blank, but on the firewall rules the gateway would be from the WAN1?

      Thank you. See pictures.

      Clipboarder.2016.03.24.png
      Clipboarder.2016.03.24-002.png
      Clipboarder.2016.03.24-003.png

      Tutorials:

      https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

      • DerelictD Offline
        Derelict LAYER 8 Netgate
        last edited by

        No. Delete that WAN rule. You opened up connections from the internet (into WAN) and routed them back to WANGW.

        Read the policy routing document and search for the countless threads here on the subject.

        When you want to route connections from LAN clients, you put the rules on LAN.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • K Offline
          killmasta93
          last edited by

          Thank you for the reply. I will do some more reading and post back when I'm ready.

          Thank you again

          • K Offline
            killmasta93
            last edited by

            Hi,
            So I'm going at it again.

            All right, so I deleted the WAN rule. I guess my real question is: could I use the same gateway as my WAN but use a different static IP? When I configured the 181.xxx.xx.117 I wanted to add the upstream gateway but it has no option :(

            Thank you

            Capture.PNG
            Capture2.PNG
            Capture4.PNG
            Capture5.PNG
            WAN1.png

            • DerelictD Offline
              Derelict LAYER 8 Netgate
              last edited by

              Both of those interfaces look to be on the same /29. That's not what Multi-WAN is for.

              If all you want to do is NAT out a different IP address then delete WAN2, add a VIP on WAN for the .117 address, and change outbound NAT on WAN so SMTP connections NAT to that instead of WAN address.

              • K Offline
                killmasta93
                last edited by

                Hi,
                Thank you for the reply. That does clear up a lot for me, so I took your advice and added the VIP .117, which is going to be the email server IP. But my question: I'm going to change my .114 to be only for users to navigate and my .117 to be only for my email server, OpenVPN.

                But there's a part where it says:

                If you add a 1:1 NAT entry for any of the interface IPs on this system, it will make this system inaccessible on that IP address. i.e. if you use your WAN IP address, any services on this system (IPsec, OpenVPN server, etc.) using the WAN IP address will no longer function.

                Meaning that if I do the 1:1 it would break the 117?

                Thank you

                Capture9.PNG

                • DerelictD Offline
                  Derelict LAYER 8 Netgate
                  last edited by

                  Why a 1:1? Why not just port forward port 25 to it?

                  • K Offline
                    killmasta93
                    last edited by

                    Thank you for the reply,

                    Well, what I'm trying to do is make the LAN net use .114 but the email server on the LAN use ONLY the .117.

                    Thank you

                    • DerelictD Offline
                      Derelict LAYER 8 Netgate
                      last edited by

                      All you have to do is a WAN port forward .117 port 25 to your mail server and make a host name that resolves to .117 the MX record for the domain(s).

                      Then use a WAN outbound NAT rule to use .117 as the NAT address for anything sourced from the mail server with a destination port of tcp/25.

                      Duplicate for any other ports you need.

                      Firewall > NAT, Port Forward tab

                      Interface: WAN
                      Protocol: TCP
                      Destination: 181.X.X.117
                      Destination port range: 25
                      Redirect target IP: EMAIL_SERVER
                      Redirect target port: 25
                      Description: Inbound SMTP

                      Firewall > NAT, Outbound tab

                      Select Hybrid Outbound NAT and add a rule

                      Interface: WAN
                      Protocol: TCP
                      Source: Network, EMAIL_SERVER/32, Port blank
                      Destination: any, Port 25
                      Translation Address: 181.X.X.117
                      Translation port: blank
                      Description: MAP outbound EMAIL_SERVER/TCP/25 to .117

                      For OpenVPN just add a pass rule for UDP 1194 to the VIP and tell the OpenVPN instance to listen on the VIP (or any) using the Interface select list.

                      1 Reply Last reply Reply Quote 0
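Added example (not part of the original posts and not pfSense code): a small model of first-match outbound NAT selection for the Hybrid Outbound NAT rule described in the post above, showing which public address each kind of flow leaves with. The documentation-range addresses standing in for .114 and .117, the LAN subnet, the mail server address and the automatic LAN rule are all assumptions made for the illustration.

```python
"""Model of first-match outbound NAT selection (added example, not pfSense code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed placeholders: documentation-range addresses stand in for the
# thread's .114 (WAN address) and .117 (VIP); the LAN subnet and mail
# server address are hypothetical.
WAN_ADDRESS = "203.0.113.114"
MAIL_VIP = "203.0.113.117"
LAN_NET = "192.168.1.0/24"
EMAIL_SERVER = "192.168.1.10"

@dataclass(frozen=True)
class NatRule:
    description: str
    source: str               # CIDR the packet source must fall in
    proto: Optional[str]      # "tcp", "udp", or None for any protocol
    dst_port: Optional[int]   # None means any destination port
    translation: str          # address the source is rewritten to

    def matches(self, src: str, proto: str, dst_port: int) -> bool:
        in_source = ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
        proto_ok = self.proto is None or self.proto == proto
        port_ok = self.dst_port is None or self.dst_port == dst_port
        return in_source and proto_ok and port_ok

# Hybrid mode: the manual rule is evaluated before the automatic LAN rule.
RULES = [
    NatRule("MAP outbound EMAIL_SERVER/TCP/25 to .117",
            f"{EMAIL_SERVER}/32", "tcp", 25, MAIL_VIP),
    NatRule("Automatic rule for LAN net (assumed)", LAN_NET, None, None, WAN_ADDRESS),
]

def translated_source(src: str, proto: str, dst_port: int) -> Optional[str]:
    """Return the public source address for a flow, or None if no rule matches."""
    for rule in RULES:
        if rule.matches(src, proto, dst_port):
            return rule.translation
    return None

if __name__ == "__main__":
    for flow in [(EMAIL_SERVER, "tcp", 25), (EMAIL_SERVER, "tcp", 443),
                 ("192.168.1.50", "tcp", 25), ("192.168.1.50", "tcp", 443)]:
        print(flow, "->", translated_source(*flow))
```

In this model only tcp/25 from the mail server leaves as the VIP; its other traffic still uses the WAN address, which is the case the post's "Duplicate for any other ports you need" covers.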
                      • K Offline
                        killmasta93
                        last edited by

                        Thank you for the reply. I will try on Friday and will post back if it's a success, with screenshots.

                        Thank you

                        • K Offline
                          killmasta93
                          last edited by

                          UPDATE:

                          So everything went amazing, but what's odd is all I needed to do was add the virtual IP, that's all, and NAT normally as I would.

                          Thank you again

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.