Netgate Discussion Forum

    Port Forwarding SMTP - One WAN works, the other does not

    • Wurstsemmel

      Hello!

      I have a pfSense cluster in front of a Sophos UTM cluster. The Sophos UTM works as a mail gateway. There are 3 WANs connected to the pfSense.

      My goal is forwarding port 25 from pfSense to Sophos UTM on all 3 WANs - a simple task (at least that's what I thought).
      The pfSense is not (yet) the default gateway of the Sophos UTM, so I use NAT from pfSense to UTM for masking the external IPs to the internal subnet.

      WAN1 (ADSL) is working correctly:
      1.2.3.4 --> pfSense --> 192.168.240.10 --> Sophos UTM, SMTP is working perfectly fine.

      WAN2 (SDSL) is acting strangely. I can see that the NAT is working (tcpdump on the destination shows the correct source 192.168.240.10). But for some reason, the pfSense is not getting the SYN-ACK or is not able to process it.

      I cannot find the reason that is messing up this NAT.

      This is the states table (ADSL is the working connection, SDSL the non-working one):
      0_1552558565500_states.PNG

      This is the tcpdump of the non-working connection (192.168.240.10 is the source address of the pfSense, 192.168.240.251 is the Sophos UTM).
      0_1552557955874_wireshark.PNG

      Edit: These are the NAT rules
      0_1552558359884_fort_forwarding.PNG
      0_1552558449880_outbound_nat.PNG

      Any help is appreciated :-)

      Greetings
      Sebastian

      • Wurstsemmel

        OK, I did discover the problem here. The reply to the initial request goes out on the wrong WAN (the default WAN).
        So I have to change my question to: How do I use port forwarding on a non-default WAN connection?

        • Wurstsemmel

          Sorry for reposting. If I set the corresponding gateway in the WAN interface configuration, everything works as expected. I am confused, as the guides for CARP clearly state NOT to do this.

          • jimp Rebel Alliance Developer Netgate @Wurstsemmel

            @wurstsemmel said in Port Forwarding SMTP - One WAN works, the other does not:

            Sorry for reposting. If I set the corresponding gateway in the WAN interface configuration, everything works as expected. I am confused, as the guides for CARP clearly state NOT to do this.

            I'm not sure where you read that, but the HA guides don't say not to use gateways on WAN interfaces. Perhaps you misunderstood some other HA point.

            All WAN-type interfaces should have a gateway selected on their interface configuration.
