Firewall or NAT for forcing email thru specific WAN Port



  • I have a pfSense with 3 WANs and one LAN. WAN1 is my domain and mail IP. I have tried to force ports 25 and 465 to that WAN port, but it keeps using WAN2 and my emails are rejected. I put a rule on my LAN network to send that traffic thru WAN1 and its gateway. WAN1 is also the default gateway. I tried an outbound NAT with the same results. Any help?



  • You're talking about emails from inside your LAN, I assume.

    @jmvelez said in Firewall or NAT for forcing email thru specific WAN Port:

    I put a rule on my LAN network to send that traffic thru the WAN1 and its gateway.

    A policy routing rule, using WAN1 GW? If that doesn't work the rule is obviously not matching.

    @jmvelez said in Firewall or NAT for forcing email thru specific WAN Port:

    WAN1 is also the default gateway.

    So the outbound traffic should go to this one as long it isn't routed to elsewhere by policy routing.

    What are your WAN settings and gateways. Show the routing table.



  • Thank you for your response. I am out of the office but will send you the LAN rules later today.



  • These are the firewall rules for the WAN1:

    States   Proto          Source        Port          Destination       Port          Gateway   Queue   Description
    0 /0 B   IPv4 *         *             *             pfB_badip         *             *         none    pfB_badip auto rule
    0 /0 B   IPv4 TCP       VCSLAN net    465 (SMTP/S)  XAIRNET address   465 (SMTP/S)  WANGW     none
    0 /0 B   IPv4 TCP       *             25 (SMTP)     XAIRNET address   25 (SMTP)     WANGW     none
    0 /0 B   IPv4 TCP/UDP   *             *             VCSLAN net        53 (DNS)      *         none

    Name               Default          Interface    Gateway           Monitor IP    Description
    WANGW (default)    Default (IPv4)   XAIRNET      199.255.119.209   8.8.8.8       WAN Gateway
    libertygw                           LIBERTYWAN   192.168.10.1      8.8.4.4       liberty wan
    opticoGW                            OPTICO       192.168.1.1       192.168.1.1   optico gateway


  • You restricted the source port to 465 respectively 25! The source port has to be any; the client uses a random port for sending mail out.
    Only the destination port is 25 respectively 465.



  • @viragomann I did try any and it keeps sending thru the WAN2 port



  • @jmvelez Post a picture.



  • @jmvelez
    Yeah. We need some more information to investigate the issue.

    What IP tries sending out mails?
    Post a screenshot of the whole LAN rule set.
    Explain the aliases you used.
    What is your default gateway?



  • The pfSense LAN port has one device connected to it, an SME Server (mail, web, file server) with two network cards, one connected to the pfSense and the other to our local LAN (phones, computers, printers etc.). The pfSense has 3 WANs, but the valid IP for the mail server is WAN1. The aliases are used for port forwarding from the pfSense to the SME server. The default gateway is the WAN1 port.

    VCSLAN

    (two screenshots attached: the LAN rule set and the aliases)



  • You obviously have set that interface as incoming in pfBlockerNG.

    @jmvelez said in Firewall or NAT for forcing email thru specific WAN Port:

    The pfSense LAN port has one device connected to it, an SME Server (mail, web, file server) with two network cards, one connected to the pfSense and the other to our local LAN (phones, computers, printers etc.)

    And the default route on this server is pointing to pfSense VCSLAN IP?

    "XAIRNET address" is the smart host, the mail server is sending out mails to?
    Check if that matches.

    The WAN1 GW was up when you tried to send mails?
    It's quite strange that the mails are going out not via the default gateway, even if it's up and there is no rule within your rule set directing the traffic to any other.
    However, I don't know what's behind the gateway group.



  • @viragomann I removed the XAIRNET address and replaced it with any. I was able to send mail with no problem now thru the WAN1 port (the gateway). Thank you for your help.
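To make the two mistakes discussed in this thread concrete (a source port pinned to 465/25, and a destination limited to the WAN1 address), here is an added example, not code from the thread or from pfSense, that models pfSense-style top-down, first-match rule evaluation with policy routing. The alias names and gateway name are taken from the posted rule set; the addresses behind the aliases, the mail server IP and the remote MX address are constructed placeholders. The model deliberately ignores states, "quick", gateway groups, NAT and floating rules, so it only shows whether a given outbound SMTP connection matches one of the posted rules and which gateway that rule would pin it to.

```python
"""Simulate pfSense-style LAN rule matching and policy routing for outbound SMTP."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import Union

ANY = "*"

# Constructed sample values: alias names come from the thread, the addresses are
# placeholders (RFC 5737 documentation ranges) chosen for this example.
ALIASES = {
    "VCSLAN net": ip_network("10.10.10.0/24"),      # assumed LAN subnet behind pfSense
    "XAIRNET address": ip_address("192.0.2.10"),    # assumed WAN1 interface address
    "pfB_badip": ip_network("198.51.100.0/24"),     # assumed pfBlockerNG block list
}


@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "block"
    proto: str               # "TCP", "TCP/UDP" or ANY
    src: str                 # alias name or ANY
    sport: Union[int, str]   # port number or ANY
    dst: str
    dport: Union[int, str]
    gateway: str             # gateway name, or ANY for the system default route
    descr: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def _addr_matches(spec, addr):
    if spec == ANY:
        return True
    target = ALIASES[spec]
    a = ip_address(addr)
    return a in target if isinstance(target, IPv4Network) else a == target


def _port_matches(spec, port):
    return spec == ANY or spec == port


def _proto_matches(spec, proto):
    return spec == ANY or proto in spec.split("/")


def rule_matches(rule, pkt):
    return (_proto_matches(rule.proto, pkt.proto)
            and _addr_matches(rule.src, pkt.src) and _port_matches(rule.sport, pkt.sport)
            and _addr_matches(rule.dst, pkt.dst) and _port_matches(rule.dport, pkt.dport))


def evaluate(rules, pkt, default_gw="WANGW"):
    """Top-down, first match wins. Returns (verdict, gateway, description)."""
    for r in rules:
        if rule_matches(r, pkt):
            if r.action == "block":
                return ("block", None, r.descr)
            return ("pass", default_gw if r.gateway == ANY else r.gateway, r.descr)
    return ("block", None, "implicit default deny (no rule matched)")


# Rules as posted: source port pinned to 465/25 and destination limited to WAN1's address.
AS_POSTED = [
    Rule("block", ANY, ANY, ANY, "pfB_badip", ANY, ANY, "pfB_badip auto rule"),
    Rule("pass", "TCP", "VCSLAN net", 465, "XAIRNET address", 465, "WANGW"),
    Rule("pass", "TCP", ANY, 25, "XAIRNET address", 25, "WANGW"),
    Rule("pass", "TCP/UDP", ANY, ANY, "VCSLAN net", 53, ANY),
]
# First correction: source port any (the client picks an ephemeral source port).
SRC_PORT_ANY = [AS_POSTED[0],
                Rule("pass", "TCP", "VCSLAN net", ANY, "XAIRNET address", 465, "WANGW"),
                Rule("pass", "TCP", ANY, ANY, "XAIRNET address", 25, "WANGW"),
                AS_POSTED[3]]
# Final working set: destination any, so mail to an arbitrary remote MX host matches.
FINAL = [AS_POSTED[0],
         Rule("pass", "TCP", "VCSLAN net", ANY, ANY, 465, "WANGW"),
         Rule("pass", "TCP", ANY, ANY, ANY, 25, "WANGW"),
         AS_POSTED[3]]

# Constructed: the LAN mail server delivering to a remote MX on port 25 from an ephemeral port.
OUTBOUND_SMTP = Packet("TCP", "10.10.10.2", 51234, "203.0.113.25", 25)


def outcomes():
    """Evaluate the same outbound SMTP connection against each of the three rule sets."""
    return {name: evaluate(rs, OUTBOUND_SMTP)
            for name, rs in (("as_posted", AS_POSTED), ("src_port_any", SRC_PORT_ANY), ("final", FINAL))}


if __name__ == "__main__":
    for name, (verdict, gw, why) in outcomes().items():
        print(f"{name:13s} {verdict:5s} gateway={gw} {why}")
```

Only the final rule set matches the connection and pins it to WANGW; the first two produce no match at all, because a real mail client never uses 25 or 465 as its source port and the remote MX is never the WAN1 interface address. The pfBlockerNG rule at the top still wins for a destination inside its list, which is why it sits first.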

