Mail server running before moving it behind pfsense
-
Hi Guys, I have a mail server that was working before I installed the PFSENSE SERVER.
I have created 2 interfaces, which are
- WAN - bridge connected on the main router
- LAN - DHCP IPV4
If I try to connect on my main router without pfsense, I can use the
telnet gmail-smtp-in.l.google.com 25
but if I connect the server on the pfsense, it does not connect at all. Do you have any ideas where I went wrong?
So here is my basic network setup
- Main Router 192.168.1.x
- PFsense 192.168.1.20
- Pfsense lan (virtual IP) 10.0.0.1
- Mail server 10.0.0.17
- PFsense GUI 10.0.0.254
-
pfSense isn't a server. It 'serves' nothing. It's a router / firewall ;)
What is this :
@potatoruisu said in Mail server running before moving it behind pfsense:
Pfsense lan (virtual IP) 10.0.0.1
@potatoruisu said in Mail server running before moving it behind pfsense:
telnet gmail-smtp-in.l.google.com 25
Lucky you. I can't do that from here, @work and @home.
Close to most ISPs block port 25, TCP - only the mail server of your ISP (port 25, TCP) is allowed. Or isn't pfsense & mail server not that at @home ?
Btw : my ISP upstream router also uses 192.168.1.1/24
pfSense WAN obtains a 192.168.1.3
My pfSense LAN is 10.0.0.1
My LAN devices obtained a 10.0.0.a to 10.0.0.b where b-a is the DHCP pool of pfSense.
So, with a pfSense NAT rule, natting port 25 TCP to the LAN IP of your mail server, it 'should' work.
gmail-smtp-in.l.google.com is the host name of your mail server ? Are you google.com ?
Also : a mail server belongs on dedicated servers or VPS, or whatever they call it these days, using an IPv4 and IPv6 reserved for you.
I'm running one for the last decade or two, without any router or firewall in front of it.
( well, not exactly true : I do use fail2ban that uses iptables and ip6tables to block incoming 'stupid' requests )
-
gmail-smtp-in.l.google.com is the host name of your mail server ? Are you google.com ?
I was trying if I can connect via telnet on that server because I saw some articles that you can test if your port 25 is blocked and it will return an error.
Before I set up my PFSENSE router/firewall, I could directly connect via telnet on that given link, but when I started to use pfsense as my router, SMTP port returns an error when trying to connect via telnet.
@gertjan said in Mail server running before moving it behind pfsense:
Also : a mail server belongs on dedicated servers or VPS, or whatever they call it these days, using an IPv4 and IPv6 reserved for you.
Yes I have public static Ipv4 and Ipv6 . That's why I'm confused about it.
@gertjan said in Mail server running before moving it behind pfsense:
I'm running one for the last decade or two, without any router or firewall in front of it.
( well, not exactly true : I do use fail2ban that uses iptables and ip6tables to block incoming 'stupid' requests )
I have knowledge in installing a Mail server but this is the first time I used PFsense.
-
@potatoruisu
So forward port 25 to the server on pfSense as described in Port Forwarding and Local Services.
Also you have to redirect port 25 to pfSense WAN IP on your main router.
-
@potatoruisu said in Mail server running before moving it behind pfsense:
I was trying if I can connect via telnet on that server because I saw some articles that you can test if your port 25 is blocked and it will return an error.
Yeah, if the mail server can't connect to some port 25, like the famous "gmail-smtp-in.l.google.com" then you have an issue.
@potatoruisu said in Mail server running before moving it behind pfsense:
Before I set up my PFSENSE router/firewall, I could directly connect via telnet on that given link, but when I started to use pfsense as my router, SMTP port returns an error when trying to connect via telnet.
pfSense, when you install it - using default settings, and no DNS settings entered by you, behaves like any other router on planet earth : it works.
pfSense does not block "google.com" or some of its subdomains.
pfSense resolves the host name just fine :
[2.5.2-RELEASE][admin@pfsense.my-router.net]/root: dig gmail-smtp-in.l.google.com A +short
64.233.162.26
[2.5.2-RELEASE][admin@pfsense.my-router.net]/root: dig gmail-smtp-in.l.google.com AAAA +short
2a00:1450:4010:c05::1a
Does yours ?
But this is for me a no go :
[2.5.2-RELEASE][admin@pfsense.my-router.net]/root: telnet gmail-smtp-in.l.google.com 25
Trying 2a00:1450:4010:c05::1a...
telnet: connect to address 2a00:1450:4010:c05::1a: Connection refused
Trying 64.233.162.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP f5si1696997lfg.480 - gsmtp
HELO what-the-f*ck
501-5.5.4 HELO/EHLO argument "what-the-f*ck" invalid, closing connection.
501 5.5.4 https://support.google.com/mail/?p=helo f5si1696997lfg.480 - gsmtp
Connection closed by foreign host.
oh wait.
The first IPv6 was expressibly refused.
But another MX IPv4 64.233.162.26 was routed to google.
I could initiate a HELO just fine.
I could even connect from a PC (did not activate telnet, used Putty in telnet mode) to a port '25'. That's new for me.
-
When you try to connect from the server behind pfSense what is the error shown exactly?
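
An added example, not part of any post in this thread: one way to capture the exact error asked for above is to probe port 25 on each resolved address separately, so that a refused connection, a silent timeout and a DNS failure are told apart for IPv4 and IPv6, as in the telnet session earlier. The function name `probe_smtp` and the outcome strings are assumptions made for this sketch; run it from the mail server behind pfSense.

```python
import socket
import sys

def probe_smtp(host, port=25, timeout=5.0):
    """Connect to every A/AAAA address of host and report what happened.

    Returns a list of (family, address, outcome) tuples so IPv4 and IPv6
    results can be compared side by side.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Name resolution failed: a DNS problem, not a port 25 problem.
        return [("dns", host, f"resolve failed: {exc}")]

    results = []
    for family, socktype, proto, _canon, sockaddr in infos:
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
                # An SMTP server speaks first; a healthy one greets with 220.
                greeting = sock.recv(512).decode("ascii", "replace").strip()
            if greeting.startswith("220"):
                outcome = "banner: " + greeting
            else:
                outcome = "connected, unexpected greeting: " + greeting
        except ConnectionRefusedError:
            # A reset or ICMP reject came back: something answered "no".
            outcome = "refused"
        except socket.timeout:
            # Nothing came back at all: packets dropped somewhere on the path.
            outcome = "timeout"
        except OSError as exc:
            # E.g. "Network is unreachable" when this family has no route.
            outcome = f"error: {exc}"
        results.append((label, sockaddr[0], outcome))
    return results

if __name__ == "__main__":
    # Host defaults to the one tested in the thread; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "gmail-smtp-in.l.google.com"
    for family, address, outcome in probe_smtp(target):
        print(f"{family:4} {address:40} {outcome}")
```

Running it once from a host on the main router's network and once from the server on the pfSense LAN shows which hop changes the outcome.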