Netgate Discussion Forum

    SMTP rule

    • Aisports

      Hello Everyone,
      I ran across something strange in my pfSense box today and was wondering if anyone can point me in the right direction.

      I am trying to open up an IP range for Office365 to my internal exchange for a migration, but I cannot get traffic to pass through. Here are the rules.

      I first enabled rule 4 and did a test from Office365 to my site, but it failed. Next, I created rule 1 and did another test and it failed again. But if I add port 25 to Rule 2, it all works.

      Any ideas?
      ![office365 rule.PNG.jpg](/public/imported_attachments/1/office365 rule.PNG.jpg)
      • Derelict LAYER 8 Netgate

        Why are you obfuscating your private IP addresses? Makes it impossible to help you.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • Aisports

          Oops, uploaded the wrong screenshot. But it's the same server, 10.7.2.3

            • Derelict LAYER 8 Netgate

            Well, there is no reason for the first rule not to match if the SMTP alias contains port 25.

            Is there a proper port forward in place for all of these?

            It is a two-step process, port forward and firewall rule. The firewall rules are processed AFTER NAT occurs so they need to pass the post-NAT traffic, i.e. the real IP address and port the inside host is listening on.

            Pretty complete list of things to check here:

            https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

              • Aisports

              I will read the document and troubleshoot some more, thank you.

                • Aisports

                Issue was resolved; the NAT rule was not being created.

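
Added example, not part of the original thread and not pfSense's own code: a simplified Python model of the processing order Derelict describes (port forward first, then WAN firewall rules matched against the post-NAT destination). It also reproduces the thread's outcome, where a missing NAT rule leaves the firewall rule with nothing to match. The WAN address 203.0.113.10 and the source range 198.51.100.0/24 are constructed placeholders; 10.7.2.3 is the server named in the thread.

```python
from ipaddress import ip_address, ip_network

WAN_IP = "203.0.113.10"        # constructed WAN address (documentation range)
MAIL_SERVER = "10.7.2.3"       # internal server named in the thread
O365_NET = "198.51.100.0/24"   # constructed stand-in for the Office 365 range

def apply_port_forwards(pkt, forwards):
    """Step 1 (NAT): rewrite the destination if a port forward matches."""
    for fwd in forwards:
        if pkt["dst"] == fwd["wan_ip"] and pkt["dport"] == fwd["wan_port"]:
            return {**pkt, "dst": fwd["target_ip"], "dport": fwd["target_port"]}
    return pkt  # no port forward: the destination is still the WAN address

def filter_wan(pkt, rules):
    """Step 2 (filter): top-down, first match wins, default deny."""
    for rule in rules:
        if (ip_address(pkt["src"]) in ip_network(rule["src"])
                and pkt["dst"] == rule["dst"]
                and pkt["dport"] in rule["ports"]):
            return rule["action"]
    return "block"

def evaluate(pkt, forwards, rules):
    """Run a packet through NAT first, then the WAN rule set."""
    return filter_wan(apply_port_forwards(pkt, forwards), rules)

# Constructed inbound SMTP connection hitting the WAN address.
SMTP_IN = {"src": "198.51.100.25", "dst": WAN_IP, "dport": 25}
FORWARD = {"wan_ip": WAN_IP, "wan_port": 25,
           "target_ip": MAIL_SERVER, "target_port": 25}
RULE_POST_NAT = {"action": "pass", "src": O365_NET,
                 "dst": MAIL_SERVER, "ports": {25}}
RULE_PRE_NAT = {"action": "pass", "src": O365_NET,
                "dst": WAN_IP, "ports": {25}}

CASES = {
    "port forward + rule to 10.7.2.3": ([FORWARD], [RULE_POST_NAT]),
    "rule to 10.7.2.3, no port forward": ([], [RULE_POST_NAT]),
    "port forward + rule to WAN address": ([FORWARD], [RULE_PRE_NAT]),
}

if __name__ == "__main__":
    for name, (forwards, rules) in CASES.items():
        print(f"{name}: {evaluate(SMTP_IN, forwards, rules)}")
```

Only the first case passes; the second is the situation the thread ended on, and the third is a rule written against the pre-NAT address.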