Allow internal IPs to make inbound connections to the external interface



  • Does pfSense 1.2 allow internal IPs to make inbound connections to the external interface?

    Hopefully this makes sense.

    Basically, I have several servers I host with several domain names. I changed out our Cisco firewall for pfSense and have been very happy with pfSense.
    I have two of the servers that are mail servers with MX records to their public IP addresses (external IP).

    Mail Server1 mx=62.214.213.190
    Mail Server2 mx=62.214.213.195

    Whenever someone from mail server1 tries to send email to someone on mail server2, mail server1 cannot make an SMTP connection to mail server2, as it resolves the DNS MX record as the external IP.

    I'm hoping there is a way to allow internal IP addresses to make inbound connections to the external IP of pfSense.

    If not, I will set up split horizon DNS to address the issue.

    Thank you for your help



  • I think I may have found the information I was looking for. I don't know why I didn't see it before when I searched the forum.

    Is it called NAT Reflection under the System/Advanced menu?

    I'm thinking I'll uncheck the Disable NAT Reflection box tomorrow morning and see if this works.

    Does anyone see any problems that might arise from doing so?



  • http://forum.pfsense.org/index.php/topic,7001.0.html

    NAT reflection only works for normal NAT forwardings and not for 1:1.
    If you have the possibility, I'd rather set up split DNS.



  • Thank you, GruensFroeschli, for the reply and the URL info.

    I'll go with the split DNS option.

    Once again, thank you for your help.

