Dual IP email server with LAN?



  • Hi,
    I was wondering if someone could assist on what I might be doing wrong?

    So right now I have a pfSense box with 2 network cards, one is the WAN and the other is the email server IP. I have users navigate through the WAN while the email server (192.168.3.150) sends out email using the static IP 200.116.3.xxx. The issue is that when pfSense reboots and comes back online, the users somehow are navigating with the 200.116.3.xxx instead of the 181.137.104.xxx.

    The only way to fix this is to reboot the modem of the ISP, but it's a hassle sometimes, so I thought maybe it could be the NAT config or the LAN rules using the gateway, which I tried (see pictures).

    Thank you






  • Rebel Alliance Global Moderator

    So in your gateways do you have them both set as default?



  • Thanks for the reply. I think that the WAN is the default gateway, which is the IP I want users to navigate with (181.xx.xx.xx); see picture.

    Thank you



  • Netgate

    "Outbound NAT determines how traffic leaving a pfSense system will be translated.

    Outbound NAT does not control which interface traffic will leave, only how traffic is handled as it exits. To control which interface traffic will exit, use policy routing or Static Routes."

    What are the rules on the 192.168.3.0/24 interface?



  • Thanks for the reply. As for the rules on my LAN, I have the email server 192.168.3.150 going out with the IP of 201.xx.xx.xx, no issue there, but it's the navigation of the LAN that I cannot get through the WAN (181.xx.xx.xx). I was looking at routing, but the note says:

    "Do not enter static routes for networks assigned on any interface of this firewall"

    So I'm guessing that's not it?

    Thank you



  • Netgate

    What's in the WPAD port alias?



  • Thanks for the reply, it's blocking port 443


  • Netgate

    Nobody on your LAN will be able to use https then.



  • True, because I force them to use WPAD, meaning Facebook or any https site I want to block I can, as long as they auto-detect the proxy, and anything else goes through transparent port 80.


  • Netgate

    OK so what, exactly, is not working? Now we have squid in the mix there.

    Like right now. What is broken? Specifically.



  • Well, nothing is really broken. Normally I have users navigate on 181.xx.xx.xx, which is the WAN, and the email server IP, which is on another NIC, gives out an IP of 201.xx.xx.xx. What's odd or funny is that when pfSense reboots, somehow users start navigating with the 201.xx.xx.xx, not sure why, so what I have to do is reboot the ISP modem, wait around 10 min, and then users start navigating on the 181.xx.xx.xx. I guess my question is why does that change when pfSense reboots, when the NICs are completely different and pfSense shows the WAN with 181.xx.xx.xx.

    Thank you


  • Rebel Alliance Global Moderator

    Well, it's a gateway, right? If WAN is down it can use the other gateway. You don't have any rules that say it can't use it, or to use a specific gateway. Your hybrid NATs say NAT only your email server, but what do the automatic NATs say, etc.

    If you don't want your other devices using a gateway when the other gateway is down, then put in the rules that they can only use that specific gateway.



  • Thanks for the reply. So if I understood correctly, I would need to go to pfSense, then go to routing and find a way to route the LAN to use only that gateway?

    What's very odd is this only happens when pfSense reboots; the only way to get it the way I want is if I reboot the ISP modem a few times, which is a pain.

    Thank you