Netgate Discussion Forum

pfSense+Postfix via Port Forward

NAT
24 Posts 4 Posters 2.4k Views
t.sato @rcoleman-netgate

      @rcoleman-netgate

[Screenshot 2022-12-30: pfsense2.flexfleet.jp - Firewall NAT Outbound]

To make this accessible from WAN and other LANs, I had to add this outbound NAT.

After I learned from the experts here that my outbound NAT settings are not right, I have been researching documents and tutorials on the net, and it seems that port forward should work without outbound NAT. I have been testing on a test pfSense box with a simple setup to simulate my environment.

Without outbound NAT, States returns "CLOSED:SYN_SENT".
With the outbound NAT, everything works, but leaving the DMZ interface IP behaves as my original problem did.

I checked all server gateway settings to point to the pfSense as the gateway.

I wonder if PPPoE on WAN may affect the result.

I will keep testing and find the way to solve this, but I just wanted to post my status update here as you and other experts helped me.

t.sato @t.sato

[Status Update]

Happy New Year to all.

I was able to review and revise my settings to make everything work.

The cause of the problem that required a DMZ outbound NAT, which made me give up DNAT, was the routing setting on the mail server.

The mail server has the correct IP/Subnet/Gateway/DNS to use the DMZ interface; however, returning traffic from the mail server was not able to reach the DMZ interface. But I had to have the DMZ outbound NAT on the pfSense box to work around the issue.

So I added the route IP 0.0.0.0/Sub 0.0.0.0/10.0.0.2 in the NIC settings on the mail server to see if the traffic reaches back to the DMZ interface on the pfSense box. It worked without outbound NAT on the pfSense box.

All traffic between WAN and the mail server via the DMZ interface is all good.

One interesting thing is that I had to select NAT reflection type NAT+Proxy on the mail server related port forward to access it from other nets. Pure NAT did not work from other LAN interfaces.

t.sato @rcoleman-netgate
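The status update above pins the "CLOSED:SYN_SENT" symptom on the mail server's return route rather than on the port forward itself. The following is an added example, not code from the thread or from pfSense: a small Python model of how a DMZ host picks the next hop for its reply, and whether that reply can ever reach the firewall's DMZ interface so pf can complete the forwarded state. The firewall DMZ address 10.0.0.2 is taken from the post; the server address 10.0.0.10, the netmask, the client addresses and the `HostRouting`/`reply_path` names are constructed for illustration.

```python
"""Return-path check for a port-forwarded host behind a firewall.

Constructed example: models the failure mode from the thread, where the
port forward delivers the SYN to the DMZ host but the host's reply never
comes back through the firewall's DMZ interface.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class HostRouting:
    """Hypothetical model of a server NIC's IP settings (not a real pfSense API)."""
    address: str                          # interface address, e.g. "10.0.0.10"
    netmask: str                          # e.g. "255.255.255.0"
    default_gateway: Optional[str] = None # None = no 0.0.0.0/0 route configured
    static_routes: Dict[str, str] = field(default_factory=dict)  # "dst/len" -> next hop

    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_interface(f"{self.address}/{self.netmask}").network

    def next_hop(self, dst: str) -> Optional[ipaddress.IPv4Address]:
        """Next hop for packets to dst: on-link, longest static match, default, or None."""
        target = ipaddress.ip_address(dst)
        if target in self.network():
            return target  # on-link: delivered directly, no gateway involved
        best = None
        for prefix, hop in self.static_routes.items():
            net = ipaddress.ip_network(prefix)
            if target in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ipaddress.ip_address(hop))
        if best is not None:
            return best[1]
        if self.default_gateway:
            return ipaddress.ip_address(self.default_gateway)
        return None


def reply_path(host: HostRouting, firewall_dmz_ip: str, client_ip: str) -> Tuple[bool, str]:
    """Explain where the server's reply to a forwarded connection goes.

    Returns (ok, reason). ok is True only when the reply either stays on-link
    or leaves via the firewall's DMZ address, so pf sees both directions.
    """
    fw = ipaddress.ip_address(firewall_dmz_ip)
    hop = host.next_hop(client_ip)
    if hop is None:
        return False, "no route back to client: reply dropped, state stays CLOSED:SYN_SENT"
    if hop == ipaddress.ip_address(client_ip):
        return True, "client is on-link; reply is delivered directly"
    if hop not in host.network():
        return False, f"gateway {hop} is not on the server's subnet; reply cannot leave"
    if hop != fw:
        return False, f"reply leaves via {hop}, not the firewall DMZ address {fw}: asymmetric path"
    return True, f"reply returns through {fw}; pf can match it to the forwarded state"


if __name__ == "__main__":
    fw_dmz = "10.0.0.2"                     # from the thread
    wan_client = "203.0.113.7"              # constructed public client address
    broken = HostRouting("10.0.0.10", "255.255.255.0")                        # no default route
    fixed = HostRouting("10.0.0.10", "255.255.255.0", default_gateway=fw_dmz)  # route added as in the post
    for label, host in (("before", broken), ("after", fixed)):
        print(label, reply_path(host, fw_dmz, wan_client))
    # The outbound-NAT workaround: the server sees the firewall's DMZ address as
    # the source, so the reply is on-link even with broken routing, but the
    # real client address is lost to the mail server's logs.
    print("workaround", reply_path(broken, fw_dmz, fw_dmz))
```

The last line of the demo shows why the outbound NAT on the DMZ interface "worked" in the earlier post: masquerading rewrites the source to the firewall's own DMZ address, so the server's reply never needs a route at all, at the cost of Postfix seeing the firewall as the client.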

          @rcoleman-netgate

Thank you so much for showing your settings and log. That really helped me to know it's possible and assured me I could find the issues.

@viragomann

Thank you so much for your guidance and educational explanation. It really helped me to put the terminologies in 2 different languages together. I appreciate that you know things are called differently even in the same language, and it gets more difficult after being translated to a different language.

@bob-dig

Thank you for guiding me in the right direction to review my settings. You are correct and helped me to find the breakthrough.

viragomann @t.sato

@t-sato said in pfSense+Postfix via Port Forward:

> One interesting thing is that I had to select NAT reflection type NAT+Proxy on the mail server related port forward to access it from other nets. Pure NAT did not work from other LAN interfaces.

This does masquerading again, but it is only applied to traffic from inside your network.

NAT reflection helps you to access your inside service by requesting its public IP.
To avoid the need for NAT reflection, we add host overrides to the internal DNS (maybe the DNS Resolver on pfSense) and point them to the internal IP of the service.

But nice that you got the outside access sorted without masquerading.

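The host-override alternative to NAT reflection that viragomann describes is what pfSense's DNS Resolver writes into Unbound configuration. The fragment below is an added example in plain Unbound syntax, not taken from the thread or from pfSense's generated files; the zone `example.com`, the hostname `mail.example.com` and the internal address 10.0.0.10 are placeholders, and the firewall's real public address is not on the page.

```conf
# Added example: split-DNS host override in Unbound syntax.
# Internal clients asking for mail.example.com get the DMZ address directly,
# so their SMTP/IMAP connections never touch the public IP and no NAT
# reflection (NAT+Proxy) is needed. External resolvers still see the public
# record from the authoritative DNS, which is untouched.
server:
    # "transparent": only the names listed below are overridden; every other
    # name under example.com is still resolved normally.
    local-zone: "example.com." transparent
    local-data: "mail.example.com. IN A 10.0.0.10"      # placeholder internal address
    local-data-ptr: "10.0.0.10 mail.example.com."      # optional reverse entry
```

On pfSense the same effect is reached from Services > DNS Resolver > Host Overrides, which generates the equivalent `local-data` lines; clients must then use the resolver rather than an external DNS server, otherwise they still get the public IP and fall back to needing reflection.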
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.