Mail servers imap behind pfsense not reachable
-
Yes I know, when I do a packet capture on my WAN, I get an empty log.
I know that the IMAP responds but I can't reach it with an e-mail client
-
Well then you're not sniffing on the right interface, or the correct port?
Are you using PPPoE for your connection?
Or maybe there is something in front of your device answering for these ports? If what you're saying is pfsense never sees the traffic, then you have something in front of pfsense answering?
If you're not seeing loads of traffic when you sniff on your wan... Then you're sniffing on the wrong interface or you have something wrong with your packet capture.. Do a simple tcpdump from pfsense console.
-
I used these settings
Pfsense is hooked up straight to my ISP modem, my LAN interface goes to a layer 2 cisco switch, the mail server is attached to the switch
-
Well do it without 143, do you see lots of traffic?
If you see lots of normal traffic, and nothing on 143 - then something in front of pfsense is answering for 143..
-
When I do not specify a port I see loads of traffic, HTTPS traffic
-
Well then 143 is not getting to pfsense, but something answers on your IP (one connected to the forum with)
Maybe your ISP intercepts this traffic... But if pfsense never sees traffic to 143, how could it ever forward it?
This is why step one in any sort of this troubleshooting, is to actually VALIDATE traffic is getting to pfsense.. Pfsense can not do anything with something it never sees.
You sure pfsense wan is public address? It's not an RFC1918 address?
-
@johnpoz said in Mail servers imap behind pfsense not reachable:
This is why step one in any sort of this troubleshooting, is to actually VALIDATE traffic is getting to pfsense.
Mentioned about eight times in this thread, but still seems to be ignored.
-
The mail server is on my current IP, but with my previous router it worked fine (Non pfsense).
And yes I am 1000% sure my pfsense WAN IP is my public IP, because all of my websites running from this network are up and reachable.
-
Well something is answering on his IP he is connecting to the forum with, which I would assume his IP... But from his packet capture - nothing is getting to pfsense..
Pfsense can not forward what it does not see.. This is basic 101 stuff here..
edit: I do not know what to tell you.. This is basic 101 stuff here, if you can not show us pfsense seeing the traffic on its wan... How could it ever do anything with it.. All I can tell you is something answers on 143 when I hit the IP you connected to the forum from..
-
@daan said in Mail servers imap behind pfsense not reachable:
When I do not specify a port I see loads of traffic, HTTPS traffic
You can also limit the capture to multiple ports by entering "143|587|993" for instance to take all IMAP ports.
-
@daan
You can check your real public IP on web services like https://whatismyipaddress.com
The IP you get displayed there must match your pfSense WAN IP, otherwise there is a router in front of pfSense.
-
@viragomann I know it is the same IP as the pfsense WAN interface IP
-
@johnpoz this is my capture with 143|465|587|993 as ports
-
Do a simple sniff on 143 then..
Then go to can you see me . org and put in 143..
You should see this traffic. Clearly sniffing is working.. But I don't see any traffic for 143.
To be honest, sure looks to be working to me.. Whatever issues you might be having with imap has nothing to do with pfsense. I get a connection to 143, and sure seems to be whatever server you're running behind pfsense.. reports Dovecot (Debian), which is what your Poste.io server uses for imap..
btw I see 993 there in your sniff which would be imap over tls. Maybe your client is just not using 143 when you tested which is why you didn't see on sniff.. Do can you see me . org so you know exactly what port is being sent.
-
@daan said in Mail servers imap behind pfsense not reachable:
this is my capture with 143|465|587|993 as ports
There is obviously a communication on 993. Possibly your client switches automatically to 993 (SSL)?
However, the traffic may be outbound as well. You're the only one who knows the destination IP, we cannot see it.
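
An added example, not part of the original thread: one way to answer the inbound-versus-outbound question above is to classify a saved `tcpdump -n` text capture by direction relative to the WAN address. The WAN IP, the sample capture lines and the `summarize` helper are all constructed for illustration.

```python
import re
from collections import defaultdict

WAN_IP = "198.51.100.7"           # constructed; stands in for the pfSense WAN address
MAIL_PORTS = (143, 465, 587, 993)

# Constructed sample of `tcpdump -n` text output (not taken from the thread).
SAMPLE = """\
12:00:01.100000 IP 203.0.113.50.51514 > 198.51.100.7.993: Flags [S], seq 1, win 64240, length 0
12:00:01.101000 IP 198.51.100.7.993 > 203.0.113.50.51514: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:01.130000 IP 203.0.113.50.51514 > 198.51.100.7.993: Flags [.], ack 10, win 502, length 0
12:00:02.000000 IP 198.51.100.7.40112 > 192.0.2.25.465: Flags [S], seq 5, win 64240, length 0
12:00:03.000000 IP 203.0.113.77.40000 > 198.51.100.7.587: Flags [S], seq 7, win 64240, length 0
12:00:04.000000 IP 203.0.113.77.40000 > 198.51.100.7.587: Flags [S], seq 7, win 64240, length 0
"""

# tcpdump prints IPv4 endpoints as a.b.c.d.port
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def summarize(capture, wan_ip=WAN_IP, ports=MAIL_PORTS):
    stats = {p: defaultdict(int) for p in ports}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sport, dport, flags = int(m["sport"]), int(m["dport"]), m["flags"]
        if m["dst"] == wan_ip and dport in stats and flags == "S":
            stats[dport]["inbound_syn"] += 1      # someone connecting to us
        elif m["src"] == wan_ip and sport in stats and flags == "S.":
            stats[sport]["syn_ack"] += 1          # the forwarded server answered
        elif m["src"] == wan_ip and dport in stats and flags == "S":
            stats[dport]["outbound_syn"] += 1     # a LAN client going out
    verdict = {}
    for port, s in stats.items():
        if s["syn_ack"]:
            verdict[port] = "inbound, answered"
        elif s["inbound_syn"]:
            verdict[port] = "inbound, no reply seen"
        elif s["outbound_syn"]:
            verdict[port] = "outbound only"
        else:
            verdict[port] = "not seen on WAN"
    return verdict

if __name__ == "__main__":
    for port, v in summarize(SAMPLE).items():
        print(port, v)
```

A port reported as "not seen on WAN" never reached the firewall in that capture, while "inbound, no reply seen" points at the forward rule or the server behind it.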
-
@viragomann said in Mail servers imap behind pfsense not reachable:
There is obviously a communication on 993. Possibly your client switches automatically to 993 (SSL)?
Hummm : 993 was already mentioned above.
Check if the mail server "IMAPS" is listening on port 993 on the IMAP server before you NAT that port (TCP).
-
@johnpoz These are my client settings, the settings worked fine with my previous router.
And yes I am using poste.io
-
@viragomann My public IP reports inbound as well as outbound traffic on port 993
-
Well your client is not set to use 143 in that setup. So why would you think you would see traffic on 143?
Not sure what to tell you... Pfsense's only job in this is sending the traffic on to where you tell it to send it. Clearly from your sniff that is happening on 993.. So whatever issues you have with imap has nothing to do with pfsense.. It's a dumb doorman in the big picture.. It sees traffic on port X, and sends it on to where you told it to send it.. And then sends the answer back - it has nothing to do with the workings of the conversation.. Nor does it care..
-
@Gertjan Yes I did, I uploaded a screenshot of it