nat for 2 email servers with just 1 wan?
-
Hi guys.
I have 2 email servers for different domains.
1 pfsense with 1 wan.
Is possible to NAT traffic for both servers using the same email ports 465/993 on each one?
Or is possible to deal with something like this?
Thanks for your time.
Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
www.bajaopensolutions.com
https://www.facebook.com/BajaOpenSolutions
Quieres aprender PfSense, visita mi canal de youtube:
https://www.youtube.com/c/PedroMorenoBOS -
Not that I'm aware of. You could possibly arrange for another public IP address from your ISP, and then add that as a VIP. Then you could create NAT rules to handle both servers.
-
You can have 1 mail server in front accept mails for both domains, and then if separation is required forward the mails to the actual mail server for each domain.
This can not be solved by NAT.
-
Never tried it but should be possible with HAProxy.
-Rico
-
@grimson u mean add a extra email server that will accept the connection and them forward the traffic base on something to email1 or email2 ?
-
@kom here with scenario we need 2 wans to manage the traffic for each email server right?
Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
www.bajaopensolutions.com
https://www.facebook.com/BajaOpenSolutions
Quieres aprender PfSense, visita mi canal de youtube:
https://www.youtube.com/c/PedroMorenoBOS -
No, if your ISP can route multiple IPs to you say they give you a /30 or /29 network all can be handled with one WAN interface.
-Rico
-
@rico said in nat for 2 email servers with just 1 wan?:
Never tried it but should be possible with HAProxy.
I've only seen HAProxy for load-balancing purposes on mail servers, not to distribute the mails to different servers based on the sender/receiver address.
@periko said in nat for 2 email servers with just 1 wan?:
@grimson u mean add a extra email server that will accept the connection and them forward the traffic base on something to email1 or email2 ?
https://en.wikipedia.org/wiki/SMTP_proxy
-
@rico can u please give more details in case we have other IP available and want to use the VIP u mention?
-
@periko Call your ISP and ask them how much it would cost for them to assign & route to you another IP address. It should be no problem if it is a business account. Then you simply add it to pfSense as a Virtual IP - IP Alias.
-
@kom I will check this, thanks.
-
@periko said in nat for 2 email servers with just 1 wan?:
Is possible to NAT traffic for both servers using the same email ports 465/993 on each one?
These are ports to deposit mail for sending (smtps) and consulting mails on a mailbox/server imaps (993).
These two ports are probably used by fat-mail-clients like Outlook or Thunderbird.
Take the more intelligent (smaller ?) user (== domain ?) group of your 2 mail servers, and say to these guys : "Hey, guys, if you see somewhere that mentions port '993', change it for 994' - idem for 465, make that 466."
Now you can NAT easily on your side.Most people don't care less what they have to choose, they only setup a mail clients ones, and will redo it when their computer breaks down after X years. They don't know why its "465" or "993" anyway.
Note : this won't work if it concerns port 80 or 443 .... people don't know that they use these ports several times a day
