Can't Access Mail Server after enabling second WAN connection



  • Hi All,

    I'm running out of ideas as to why I can't access my mail server after enabling a second WAN connection in pfSense.

    Here is some background on my setup.

    I have two WAN connections. The first one, labeled "WAN", is a 100 Mb cable connection with static IPs. This connection has been up and running for the past 4 years. Last week I added a 350 Mb cable connection which uses DHCP. This connection is labeled "WAN2". I have configured pfSense to load balance both connections and I'm able to surf the internet fine. BW tests confirm both links are being used. I have the weighting for the WAN connection as 1 and for the WAN2 connection as 3 in the gateway setup. Both connections have a 35 Mb upload speed and after setting up the load balancer configuration I'm getting about 65 to 70 Mb upload speeds.

    Here is where my problem is. When I just had the WAN connection up I was using the static IPs to access my servers behind pfSense. My mail server, which is on one of the static IPs, was accessible via IMAP and SMTP over the Internet. Once I enabled WAN2 and created the working load balancer configuration, I am unable to connect to my mail server. I'm thinking I have a routing issue being caused by the sharing of the two WAN connections.

    Can anyone tell me what changes I need to make to my pfSense configuration to restore access to my mail server? Do I need to tell the mail server what gateway to use for its internet traffic?

    I'm hoping I'm missing something simple here.

    Thanks in advance for any help you can provide.

    Judd


  • LAYER 8 Netgate

    Generally when someone adds Multi-WAN, it is their first foray into policy routing. This tends to cause outbound connections to be broken. Like what used to go out the VPN is now policy-routed out the gateway group. Same for connections to another inside LAN subnet.

    This can be overcome by bypassing policy routing with earlier rules that match the traffic and do not set a gateway, thereby using the routing table instead.

    None of that applies to inbound connections, however. Reply traffic should always be directed back out the interface into which the connection arrived.

    A simple port forward to a mail server should not be affected.

    Can you give more details regarding where the server is, and where the connecting client is coming from, etc?
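
The three behaviours described in the reply above (replies pinned to the arrival interface, bypass rules without a gateway, and policy routing to a gateway group), sketched as hand-written pf rules. This is an added illustration, not part of the original posts and not pfSense's generated ruleset; the interface names, gateway addresses and the second inside subnet are assumed values.

```pf
# Constructed values: interface names, gateway addresses and other_net
# are assumptions for illustration; the mail server IP and ports are
# the ones given in the thread.
wan_if     = "em0"
wan_gw     = "198.51.100.1"
wan2_if    = "em1"
wan2_gw    = "203.0.113.1"
lan_if     = "em2"
lan_net    = "192.168.10.0/24"
other_net  = "192.168.20.0/24"
mail       = "192.168.10.62"
mail_ports = "{ 25, 465, 143, 993, 443 }"

# 1. Inbound to the mail server on WAN: reply-to records in the state
#    that answers leave through WAN's gateway, whatever the routing
#    table or a gateway group would otherwise choose.
pass in quick on $wan_if reply-to ($wan_if $wan_gw) inet proto tcp \
    from any to $mail port $mail_ports keep state

# 2. Bypass rule, placed before the policy-routing rule: no route-to,
#    so traffic to another inside subnet follows the routing table.
pass in quick on $lan_if inet from $lan_net to $other_net keep state

# 3. Policy routing: everything else from the LAN is spread across
#    both gateways. Connections the mail server itself opens to the
#    internet match this rule too.
pass in quick on $lan_if \
    route-to { ($wan_if $wan_gw), ($wan2_if $wan2_gw) } round-robin \
    inet from $lan_net to any keep state
```

Rule order matters because `quick` stops evaluation at the first match: the bypass rule only takes effect if it sits above the rule that sets a gateway.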



  • My mail server sits on an internal LAN with an address scheme of 192.168.10.0/24. I have a NAT rule that associates one of my public IPs to the mail server's IP. As an example, the NAT rule looks like this: 62.62.62.62 -> 192.168.10.62. I then have rules on the WAN interface to open up the FW for the ports I need for my mail server (25, 465, 143, 993, 443). These rules all have a destination of 192.168.10.62.

    The static IPs for the mail server come from the WAN connection, which is a static IP connection. DNS is set up to point the domain name for my mail server to the public address of 62.62.62.62.

    My second WAN connection (WAN2) is a DHCP connection which is load balanced with the first WAN connection. The load balance setup works and I'm able to search the internet fine and speed tests result in the results I expect. The only issue I have is I cannot connect to my mail server via the internet. On the internal network it is fine.

    Please let me know if you need additional information.

    Thanks,
    Judd

