pfsense / iredmail issue
-
Ok, I'm just missing something here... and since I've a splitting headache, I've decided to stop trying to find the answer by myself and look to others for assistance. My thanks in advance.
I've a newly set up pfsense box with an existing iredmail mailserver behind it. Port forwarding and automatic firewall rules created. My phone can connect to the mailserver from outside the firewall and send/receive emails. The webmail interface is accessible from outside, but not from inside unless I use the IP address. Outlook (inside) says it connects, but is unable to send/receive. When there was just the old Asus router, I was able to connect using the FQDN and it allowed webmail, outlook, and phone from both inside and outside.
Any ideas?
Bueller?
Port Forwarding:
Firewall Rules: WAN
-
Resolved. It was a DNS issue. Resolver didn't take changes until the entire box rebooted.
-
@wits-end said in pfsense / iredmail issue:
The webmail interface is accessible from outside, but not from inside unless I use the IP address.
On the unbound / resolver page, at the bottom, add a domain override.
Add the domain as you use it when connecting from the outside.
Like :
where the IP is the IP of your mail server.
Or use the IP directly with your devices/programs locally, as DNS is just for humans, programs work with IPs.
@wits-end said in pfsense / iredmail issue:
When there was just the old Asus router, I was able to connect using the FQDN and it allowed webmail, outlook, and phone from both inside and outside.
Yeah, if a host name like "mailserver.my-local-domain.tld" can't be resolved locally ( actually strange : your local DNS resolver doesn't know who "mailserver.my-local-domain.tld" or, it's very local .... you should have informed him ^^ thus the override ) it will get resolved upstream, because you probably used a DDNS method, or defined it directly manually in the my-local-domain.tld zone with your domain's registrar. This one will give back the WAN IP.
That's like being in the kitchen, going to the toilet, using the front door of the house.
It might work with some ugly (built in ?) NAT-like hacks.
pfSense doesn't implement this method - although it can be done, I think - not sure. Anyway, there is a better solution.
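An added example, not part of any post in this thread: a small check to run from a LAN client that shows whether the resolver override described above is actually being served, which is what the original poster found was not the case until the box rebooted. The function names, result labels and the sample addresses in the usage text are constructed for illustration.

```python
import ipaddress
import socket
import sys


def resolve_ipv4(fqdn):
    """Ask the system resolver (the pfSense resolver on a LAN client) for A records."""
    infos = socket.getaddrinfo(fqdn, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_override(answers, server_lan_ip, lan_cidr):
    """Classify what the internal resolver returned for the mail server name.

    answers       -- list of address strings returned by the resolver
    server_lan_ip -- LAN address of the mail server (assumed known to the admin)
    lan_cidr      -- LAN subnet, e.g. "192.168.1.0/24" (constructed sample)
    """
    lan = ipaddress.ip_network(lan_cidr)
    expected = ipaddress.ip_address(server_lan_ip)
    if expected not in lan:
        raise ValueError("server_lan_ip is not inside lan_cidr")
    if not answers:
        return "no-answer"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if all(a == expected for a in addrs):
        # Inside clients go straight to the server; no NAT hairpin involved.
        return "override-active"
    if any(a not in lan for a in addrs):
        # Name was resolved upstream (typically to the WAN IP), so inside
        # clients only work if the firewall reflects the traffic back in.
        return "resolves-outside-lan"
    return "wrong-lan-host"


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check.py <fqdn> <server-lan-ip> <lan-cidr>")
    name, lan_ip, cidr = sys.argv[1:]
    try:
        found = resolve_ipv4(name)
    except socket.gaierror:
        found = []
    print(name, found, check_override(found, lan_ip, cidr))
```

A result of `resolves-outside-lan` after saving the override means the resolver is still serving the old answer, or the client is using a different DNS server than the firewall.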