Netgate Discussion Forum

    NAT issues to HAProxy (not running on pfSense)

      dineshmistry

      I am having problems when I use NAT to send port 25 traffic to a HAProxy server on my internal network. It works correctly from within the LAN and there are no firewall rules on the host itself.

      If I NAT directly to one of the SMTP servers it works just fine, but I would like to send traffic to the HAProxy so it can load balance across and provide HA.

      Configuration that works

      Internet -> pfSense (NAT direct to SMTP)

      Configuration that does not work

      Internet -> pfSense (NAT to HAProxy internal server) -> 2x SMTP servers

      Can anyone think why sending to the proxy would not work while going direct would?

      Thanks in advance,
      Dinesh

        PiBa

        Imo that 'should' work as it is..
        You are testing from 'the internet' right? If testing the wan-ip from the lan-network you could be running into reflection issues..

        Other than that, check with
        ```
        tcpdump -ni <nic> "port 25"
        ```

          wussupi83

          How did you set-up your NAT?

            dineshmistry

            Attached is how I have my NAT configured

            Snip20171125_17.png

              dineshmistry

              I am actually testing from the outside world to the WAN IP on port 25

              telnet <wan ip> 25 from a system on the internet

                wussupi83

                @dineshmistry:

                I am actually testing from the outside world to the WAN IP on port 25

                telnet <wan ip> 25 from a system on the internet

                Can you telnet on another port from the outside world? Port 25 is often blocked OUTBOUND by ISPs in order to prevent spam emails being able to be sent out from virus/malware infected computers. It could be the "outside" internet connection you are testing from has port 25 OUTBOUND blocked by its ISP.

                You did say it worked in the previous configuration and the problem only occurred when you added the proxy.

                1.) Any chance it was working using port 465 or 587 (instead of 25) before?

                2.) If it was definitely using port 25, I would run a packet capture on both the WAN and proxy server interface to see if the port 25 traffic is 1.) hitting your firewall and 2.) passing through your firewall. Please share the results.
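
The two-point capture suggested in the last reply, worked through as an added example (not code from any poster in this thread): it reads `tcpdump -n` text output taken on the WAN interface and on the HAProxy host and reports, per client connection, how far the port 25 handshake got. The addresses and capture lines are constructed, and it assumes numeric ports in the output and a port forward that rewrites only the destination address, so the client IP and port match across both captures.

```python
import re

# One TCP line of `tcpdump -n` output: "IP src.sport > dst.dport: Flags [..]".
# Assumes ports are printed numerically (constructed samples below do this).
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

# Constructed sample captures: WAN IP 198.51.100.2, HAProxy host 192.168.1.50.
WAN_SAMPLE = """\
12:00:01.000001 IP 203.0.113.10.51234 > 198.51.100.2.25: Flags [S], length 0
12:00:01.000950 IP 198.51.100.2.25 > 203.0.113.10.51234: Flags [S.], length 0
12:00:05.000001 IP 203.0.113.11.40000 > 198.51.100.2.25: Flags [S], length 0
12:00:09.000001 IP 203.0.113.12.40001 > 198.51.100.2.25: Flags [S], length 0
"""
PROXY_SAMPLE = """\
12:00:01.000400 IP 203.0.113.10.51234 > 192.168.1.50.25: Flags [S], length 0
12:00:01.000700 IP 192.168.1.50.25 > 203.0.113.10.51234: Flags [S.], length 0
12:00:05.000400 IP 203.0.113.11.40000 > 192.168.1.50.25: Flags [S], length 0
"""

def flows(capture, port=25):
    """Map (client_ip, client_port) -> set of handshake steps seen in one capture."""
    seen = {}
    for src, sport, dst, dport, flags in LINE.findall(capture):
        if flags == "S" and int(dport) == port:        # client SYN towards port 25
            seen.setdefault((src, sport), set()).add("SYN")
        elif flags == "S." and int(sport) == port:     # SYN-ACK back to the client
            seen.setdefault((dst, dport), set()).add("SYN-ACK")
    return seen

def diagnose(wan_capture, proxy_capture, port=25):
    """Per client flow, name the last capture point where the handshake was seen.
    An empty result means no SYN for this port appeared in either capture."""
    wan, proxy = flows(wan_capture, port), flows(proxy_capture, port)
    result = {}
    for flow in sorted(set(wan) | set(proxy)):
        w, p = wan.get(flow, set()), proxy.get(flow, set())
        if "SYN" not in w:
            result[flow] = "not seen on WAN"
        elif "SYN" not in p:
            result[flow] = "hit WAN, not forwarded to proxy host"
        elif "SYN-ACK" not in p:
            result[flow] = "reached proxy host, no SYN-ACK from it"
        elif "SYN-ACK" not in w:
            result[flow] = "proxy answered, reply not seen leaving WAN"
        else:
            result[flow] = "handshake passes both capture points"
    return result

if __name__ == "__main__":
    for flow, verdict in diagnose(WAN_SAMPLE, PROXY_SAMPLE).items():
        print(flow, "->", verdict)
```
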

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.