Netgate Discussion Forum

    Macbook Mail Client

    Firewalling
    6 Posts 2 Posters 1.2k Views
    • venno

      Hi All

      My setup with an SG box has been working well up until yesterday. I got a macbook air given to me and I proceeded to set up mail/contacts/calendars on it, like I did a few years ago when I had a mac air so nothing complex or special about it. I run my own mail server, contacts and calendars from a Synology NAS and this runs fine and supports my ipad and iphone with the aforementioned services, both at home and away.

      Contacts worked fine but to my surprise mail and calendar returned the error "cannot verify username and password". I found this odd as my previous experience with apple products is they just work.

      I verified my details and also cross checked with my other devices then had several attempts. I even tried downgrading the mac to yosemite as this is what I used to run on my previous air and still the same thing.

      I then tried a more logical approach in that I never had trouble in the past so what has now changed, yep pfsense now lives here.

      I got my iphone and set it up as a hotspot using the cellular data connection, bingo mail and calendar setups complete and the apps work fine. Drop back to local wifi network thru pfsense and error message comes back and apps won't run.

      I have had a look at my config but cannot see anything that would so specifically interfere with mail and caldav on OSX only whilst leaving all other apple devices unbothered.

      Can anyone offer any suggestions?

      cheers

      • Derelict LAYER 8 Netgate

        How is your network set up?

        Are you using a domain name (FQDN) to access the services?

        Put a host override in DNS Resolver pointing the FQDN to the inside IP address of the NAS.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • venno

          Hi Derelict

          I have a standard setup, I guess, whereby I use NAT to redirect incoming connections to my server/ports. I do have a FQDN which is hosted by Namecheap, I have a static IP from ISP. The FQDN and SSL cert are set up on the NAS which is where all the services are located.

          I am a newb with networking; what is a host override exactly, the dns resolver doc didn't give any real detailed explanation or example of its use?

          • Derelict LAYER 8 Netgate

            In Services > DNS Resolver put a host override to return the local (inside) IP address for your server to local DNS clients.

            • venno

              Cheers Derelict

              That did the trick, this was obviously never an issue back when I had a mac and a draytek adsl router. Interesting to see all the little things that 'break' when using a much stricter security device.

              • Derelict LAYER 8 Netgate

                What is missing is "NAT Reflection." It can be enabled but is disabled by default.

                What you did is known as "split DNS." It is generally considered proper and more elegant than pinballing packets around in the firewall.

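The two outcomes discussed in this thread, as an added example that is not part of the original posts: a check a LAN client can run to see whether the service name resolves to the server's inside address (split DNS) or to an outside address that only works with NAT reflection. The hostname, subnet and addresses are constructed placeholders, and `diagnose` is a hypothetical helper, not a pfSense tool.

```python
import ipaddress
import socket

def resolve_ipv4(fqdn):
    """Resolve fqdn with the system resolver (on the LAN, the firewall's DNS Resolver)."""
    infos = socket.getaddrinfo(fqdn, None, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def diagnose(fqdn, lan_cidr, server_ip, resolver=resolve_ipv4):
    """Classify what a LAN client gets when it looks up fqdn.

    "split-dns"  : every answer is the server's inside address
    "hairpin"    : an answer lies outside the LAN, so the client aims at the
                   WAN address and only connects if NAT reflection is enabled
    "wrong-host" : answers are inside the LAN but are not the server
    "unresolved" : the lookup failed or returned nothing
    """
    lan = ipaddress.ip_network(lan_cidr)
    server = ipaddress.ip_address(server_ip)
    if server not in lan:
        raise ValueError("server_ip is not inside lan_cidr")
    try:
        answers = [ipaddress.ip_address(a) for a in resolver(fqdn)]
    except OSError:  # socket.gaierror is a subclass of OSError
        return "unresolved"
    if not answers:
        return "unresolved"
    if any(a not in lan for a in answers):
        return "hairpin"
    if all(a == server for a in answers):
        return "split-dns"
    return "wrong-host"

# Constructed sample data (documentation and private ranges, hypothetical name).
FQDN = "mail.example.com"
LAN = "192.168.1.0/24"
NAS = "192.168.1.10"

def before_override(name):
    return ["203.0.113.25"]   # public A record: the WAN address

def after_override(name):
    return ["192.168.1.10"]   # host override answering local clients

if __name__ == "__main__":
    print("before:", diagnose(FQDN, LAN, NAS, before_override))
    print("after: ", diagnose(FQDN, LAN, NAS, after_override))
```

On a real LAN client, call `diagnose` without the `resolver` argument so it queries live DNS.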
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.