Netgate Discussion Forum

    Connection Issues

    Category: NAT
    6 Posts, 2 Posters, 1.0k Views
    Auroratech

      Lost my router the other day and decided to replace it with PfSense installed on a machine that wasn't doing anything. I have resolved some issues, but am still struggling with a few others. I am not sure this is specifically NAT related or Firewall, so I decided to start here; sorry if I started in the wrong place.

      Current configuration is Modem --> PfSense em0 (WAN), PfSense re0 --> Network Switch (unmanaged). All devices connect to the switch.

      Mail Flow

      Mail is filtered through our Managed Services Host (we are the reseller) before it hits our in-house Exchange Server. SMTP traffic is only allowed through the MSH set of IPs; they are entered into Exchange and also the Router (this is not new and had been working with the old router; the issue is the pfSense configuration), but mail would not flow until I allowed all SMTP traffic through pfSense. I have disabled the allow-all rule, and mail stops.

      Mobile Mail Flow

      I use an Android Phone connected to Exchange. It has not been able to connect since PfSense was installed, getting an error that is repeating in the system log (attached). Unsure how to address this issue; I am noticing that my phone is seeing pfSense's certificate and not Exchange's and wonder if that is why, not sure what needs to happen there.

      Thank you for your input, I would like to resolve this before Monday.
      ![pfs port forwards.PNG](/public/imported_attachments/1/pfs port forwards.PNG)
      ![pfs rules.PNG](/public/imported_attachments/1/pfs rules.PNG)
      ![pfs active sync.PNG](/public/imported_attachments/1/pfs active sync.PNG)

      Auroratech

        UPDATE: I left the office, leaving the wifi, and mail flowed to my phone... So it is not flowing to my phone when connected to the office wifi... All on same subnet, no VLANs...

        Derelict (LAYER 8, Netgate)

          Try again without setting source ports. Do not set source ports. Source ports in almost all cases are ephemeral (random and temporary for that connection).

          You had to click advanced then ignore this text to get to where you are (with non-functioning port forwards):

          Specify the source port or port range for this rule. This is usually random and almost never equal to the destination port range (and should usually be 'any'). The 'to' field may be left empty if only filtering a single port.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          Auroratech

            Where should I be putting the addresses from which I want it to accept SMTP traffic? I don't want an open relay condition...

            Derelict (LAYER 8, Netgate)

              I said source ports not source addresses.

              It's OK to limit certain source addresses.

              I would also put the anti-relay ACL in the mail server itself.

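Added illustration of the two points Derelict makes above (this is constructed example code, not pfSense code and not part of the thread): a small simulation of port-forward matching shows that a rule with a pinned source port of 25 never matches real SMTP sessions, because the sending relay uses an ephemeral source port, while a rule with source port "any" and the source address restricted to the filtering host's range accepts the relay and still rejects an unrelated host. The relay range 198.51.100.0/24, the host 203.0.113.7 and the port numbers are constructed placeholder values, not the poster's real ones. The source-address restriction limits who can reach port 25 at the firewall; it does not replace the anti-relay ACL in the mail server itself.

```python
"""Simulate pfSense-style port-forward matching to show why a rule with a
fixed source port never matches real SMTP sessions, while a rule with
source port "any" and a restricted source network does.

Added example; not pfSense code. All IPs and port numbers are constructed
sample values (RFC 5737 documentation ranges), not the poster's real ones.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

SMTP_PORT = 25


@dataclass(frozen=True)
class Connection:
    """One inbound TCP connection attempt as the firewall sees it."""
    src_ip: str
    src_port: int
    dst_port: int


@dataclass
class ForwardRule:
    """Simplified port-forward / firewall rule.

    src_networks: allowed source networks; empty means "any".
    src_port: required source port; None means "any" (the correct default).
    """
    name: str
    dst_port: int
    src_networks: tuple = ()
    src_port: Optional[int] = None

    def matches(self, conn: Connection) -> bool:
        if conn.dst_port != self.dst_port:
            return False
        # A pinned source port only matches if the client happened to use it.
        if self.src_port is not None and conn.src_port != self.src_port:
            return False
        if self.src_networks:
            addr = ip_address(conn.src_ip)
            if not any(addr in ip_network(net) for net in self.src_networks):
                return False
        return True


def lint_rule(rule: ForwardRule) -> list:
    """Return warnings for settings that commonly break port forwards."""
    warnings = []
    if rule.src_port is not None:
        warnings.append(
            f"{rule.name}: source port {rule.src_port} is set; client source "
            "ports are ephemeral, so this rule will almost never match"
        )
    return warnings


def evaluate(rule: ForwardRule, conns) -> dict:
    """Map each connection (as 'ip:port') to whether the rule accepts it."""
    return {f"{c.src_ip}:{c.src_port}": rule.matches(c) for c in conns}


# Constructed sample traffic: the filtering hosts use ephemeral source
# ports, as real SMTP clients do; the last entry is an unrelated host.
MSH_NETWORK = "198.51.100.0/24"  # placeholder for the managed-services host range
SAMPLE_CONNS = (
    Connection("198.51.100.10", 51234, SMTP_PORT),  # MSH relay, ephemeral port
    Connection("198.51.100.11", 40001, SMTP_PORT),  # second MSH relay
    Connection("203.0.113.7", 25, SMTP_PORT),       # unrelated host using source port 25
)

# Rule as originally configured in the thread: source port pinned to 25.
BROKEN_RULE = ForwardRule("smtp-forward-broken", SMTP_PORT, (MSH_NETWORK,),
                          src_port=SMTP_PORT)
# Corrected rule: source port any, source address limited to the MSH range.
FIXED_RULE = ForwardRule("smtp-forward-fixed", SMTP_PORT, (MSH_NETWORK,))

if __name__ == "__main__":
    for rule in (BROKEN_RULE, FIXED_RULE):
        print(rule.name, evaluate(rule, SAMPLE_CONNS), lint_rule(rule))
```

Running the script prints the broken rule rejecting every connection, including both relays, and the fixed rule accepting the two relays while rejecting the unrelated host; the lint warning fires only for the rule with a source port set.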
                Auroratech

                Ok, removing the source port numbers has made mail flow; however, I still get no mail to my Android unless disconnected from the wifi... Suggestions?

                Also my computer tells me I have no internet access, in Network & Sharing Center as well as on my task bar? I do have a network connection, it just says I don't?

                ![network connection.PNG](/public/imported_attachments/1/network connection.PNG)
                ![network connection2.PNG](/public/imported_attachments/1/network connection2.PNG)