Firewall or NAT for forcing email thru specific WAN Port

viragomann

You're talking about emails from inside your LAN, I assume.

@jmvelez said in Firewall or NAT for forcing email thru specific WAN Port:

I put a rule on my LAN network to send that traffic thru the WAN1 and its gateway.

A policy routing rule, using WAN1 GW? If that doesn't work the rule is obviously not matching.

@jmvelez said in Firewall or NAT for forcing email thru specific WAN Port:

WAN1 is also the default gateway.

So the outbound traffic should go to this one as long it isn't routed to elsewhere by policy routing.

What are your WAN settings and gateways. Show the routing table.

jmvelez

Thank you for your response. I am out of the office but will send you the LAN rules later today.

jmvelez

This are the firewall rule for the WAN1

	0 /0 B
  			IPv4 * 	* 	* 	pfB_badip 	* 	* 	none 	  	pfB_badip auto rule 	
  				0 /0 B
  			IPv4 TCP 	VCSLAN net 	465 (SMTP/S) 	XAIRNET address 	465 (SMTP/S) 	WANGW 	none 	  		
  				0 /0 B
  			IPv4 TCP 	* 	25 (SMTP) 	XAIRNET address 	25 (SMTP) 	WANGW 	none 	  		
  				0 /0 B
  			IPv4 TCP/UDP 	* 	* 	VCSLAN net 	53 (DNS) 	* 	none 	  		 	  		
	Name 	Default 	Interface 	Gateway 	Monitor IP 	Description 	Actions
	WANGW (default)		Default (IPv4) 	XAIRNET 	199.255.119.209 	8.8.8.8 	WAN Gateway 	
	libertygw 		LIBERTYWAN 	192.168.10.1 	8.8.4.4 	liberty wan 	
	opticoGW 		OPTICO 	192.168.1.1 	192.168.1.1 	optico gateway

viragomann

You restricted the source port to 465 respectively 25! The source port has to be any, the client use a random port for sending mail out.
Only the destination port is 25 respectively 465.

jmvelez

@viragomann I did try any and it keeps sending thru the WAN2 port

Bob.Dig

@jmvelez Post a picture.

viragomann

@jmvelez
Yeah. We need some more information to investigate the issue.

What IP tries sending out mails?
Post a screenshot of the whole LAN rule set.
Explain the aliases you used.
What is your default gateway?

jmvelez

The Pfsense LAN port has one device connected to it SME Server (mail, web, file server) with Two network card one connected to the pfsense and the other to our local LAN (phones, computer, printers etc.). The pfsense has 3 WAN but the valid IP for the mail server is WAN1. The aliases are used to port forwarding from the pfsense to the sme server. The default gateway is the WAN1 port.

VCSLAN

viragomann

You obviously have set that interface as incoming in pfBlockerNG.

@jmvelez said in Firewall or NAT for forcing email thru specific WAN Port:

The Pfsense LAN port has one device connected to it SME Server (mail, web, file server) with Two network card one connected to the pfsense and the other to our local LAN (phones, computer, printers etc.)

And the default route on this server is pointing to pfSense VCSLAN IP?

"XAIRNET address" is the smart host, the mail server is sending out mails to?
Check if that matches.

The WAN1 GW was up when you tried to send mails?
It's quiet strange that the mails are going out not the default gateway, even if it's up and there is no rule within your rule set directing the traffic to any other.
However, I don't know what's behind the gateway group.

jmvelez

@viragomann I removed the Xairnet address and replace it with any. I was able to send mail with no problem now thru the WAN1 port (the gateway). Thank You for your help