Email issue internal VLAN to LAN host
I have a web server on a VLAN. This is on a separate subnet/interface from the LAN. I'm trying to send emails to a LAN email host: web server (VLAN) -> VLAN interface -> WAN interface -> NAT to LAN -> mail host. I can send emails from the VLAN web server to non-local domains, e.g. Gmail. However, I cannot send emails to my local LAN email server. The LAN email server is a public-facing system (working fine for sending/receiving emails). In the web host logs I can see that it is trying to connect to the email server correctly (public MX IP and port 25), but the connection just times out. I can ping the WAN IP from the web server successfully.
The NAT setup for port 25 allows all WAN IPs to the mail host. I tried turning off blocking of private and bogon networks to no avail. Packet capture shows nothing. Ideas?
web server (VLAN) -> VLAN interface -> WAN Interface -> NAT to LAN -> mail host.
You mean, the mail server is accessed by its public IP, I guess?
But the traffic will never pass the WAN interface, so the NAT rule is not applied to that traffic.
Do you have NAT reflection enabled in the NAT rule, or do you have a DNS override in place for the host name?
Thanks for the hint. I didn't realize the traffic wouldn't pass the WAN interface. I'd forgotten that pfSense sort of acts like a router between interfaces by default. I blocked traffic between LAN & VLAN DMZ except for SMTP on the web server and set up a record in my hosts file so email could then be addressed to the mail host directly.