Macbook Mail Client
My setup with an SG box has been working well up until yesterday. I got a MacBook Air given to me and I proceeded to set up mail/contacts/calendars on it, like I did a few years ago when I had a Mac Air, so nothing complex or special about it. I run my own mail server, contacts and calendars from a Synology NAS and this runs fine and supports my iPad and iPhone with the aforementioned services, both at home and away.
Contacts worked fine, but to my surprise mail and calendar returned the error "cannot verify username and password". I found this odd, as my previous experience with Apple products is they just work.
I verified my details and also cross-checked with my other devices, then had several attempts. I even tried downgrading the Mac to Yosemite, as this is what I used to run on my previous Air, and still the same thing.
I then tried a more logical approach: I never had trouble in the past, so what has now changed? Yep, pfSense now lives here.
I got my iPhone and set it up as a hotspot using the cellular data connection; bingo, mail and calendar setups complete and the apps work fine. Drop back to the local Wi-Fi network through pfSense and the error message comes back and the apps won't run.
I have had a look at my config but cannot see anything that would so specifically interfere with mail and CalDAV on OS X only whilst leaving all other Apple devices unbothered.
Can anyone offer any suggestions?
How is your network set up?
Are you using a domain name (FQDN) to access the services?
Put a host override in DNS Resolver pointing the FQDN to the inside IP address of the NAS.
I have a standard setup, I guess, whereby I use NAT to redirect incoming connections to my server/ports. I do have a FQDN which is hosted by Namecheap, and I have a static IP from my ISP. The FQDN and SSL cert are set up on the NAS, which is where all the services are located.
I am a newb with networking; what is a host override exactly? The DNS Resolver doc didn't give any real detailed explanation or example of its use.
In Services > DNS Resolver put a host override to return the local (inside) IP address for your server to local DNS clients.
That did the trick. This was obviously never an issue back when I had a Mac and a DrayTek ADSL router. Interesting to see all the little things that 'break' when using a much stricter security device.
What is missing is "NAT Reflection." It can be enabled but is disabled by default.
What you did is known as "split DNS." It is generally considered proper and more elegant than pinballing packets around in the firewall.
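
An added example, not part of the thread: one way to check from a LAN client whether the host override is in effect. It compares the output of `dig +short <fqdn>` against the LAN's resolver with the output of the same query sent to a public resolver. The function names, the addresses and the LAN subnet are assumptions constructed for illustration.

```python
import ipaddress

def a_records(dig_short_output):
    """Extract IPv4 addresses from `dig +short` output, skipping CNAME lines."""
    addrs = []
    for line in dig_short_output.splitlines():
        try:
            addrs.append(ipaddress.IPv4Address(line.strip()))
        except ValueError:
            continue  # CNAME target or blank line, not an A record
    return addrs

def diagnose(lan_answer, public_answer, lan_net):
    """Classify where a LAN client is sent when it connects to the FQDN.

    lan_answer    -- `dig +short` output from the LAN's own resolver
    public_answer -- `dig +short` output from a public resolver
    lan_net       -- the inside subnet, e.g. "192.168.1.0/24"
    """
    net = ipaddress.ip_network(lan_net)
    inside = a_records(lan_answer)
    outside = a_records(public_answer)
    if not inside:
        return "no-answer"   # resolver returned nothing usable
    if all(ip in net for ip in inside):
        return "split-dns"   # host override works, traffic stays on the LAN
    if set(inside) & set(outside):
        return "hairpin"     # client is sent to the WAN address; this only
                             # works if NAT reflection is enabled
    return "mismatch"        # inside answer is neither LAN nor the WAN IP

if __name__ == "__main__":
    # Constructed sample values: documentation-range WAN IP, private NAS IP.
    LAN = "192.168.1.0/24"
    public = "203.0.113.10\n"
    print("before override:", diagnose("203.0.113.10\n", public, LAN))
    print("after override: ", diagnose("192.168.1.20\n", public, LAN))
```

A "hairpin" result with NAT reflection disabled matches the symptom in the first post; "split-dns" is the state after the host override is added.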