Mail server traffic through alternate IP?



  • Hello,

    I have 8 IPs allocated.  Right now, all traffic goes out through the first one and I have several services running inbound on the others.

    I have a mail server and reverse DNS configured on one IP.  The problem is, outgoing mail goes out the first IP and the HELO message does not match.

    I have tried enabling advanced outbound NAT and sending all traffic from that server out the correct IP but cannot figure it out.

    Any advice on setting up such a config?



  • Can you show a screenshot of your AoN rules?
    The rule order is important (from top to down, if a rule matches the rest below is not considered).



  • @GruensFroeschli:

    Can you show a screenshot of your AoN rules?
    The rule order is important (from top to down, if a rule matches the rest below is not considered).

    That seemed to be the problem, thanks!

    What is the high level difference between AoN and 1to1 NAT?



  • 1:1 NAT creates an AoN rule behind the scenes and also applies the "static port" option to outbound connections.
    You allow traffic from and to the 1:1 NATed device with the firewall rules.
    You now cannot use this VIP for anything else.

    With AoN you can create more granular rules.

    • Have outbound traffic over a certain VIP but still have the option to scramble outbound ports.
    • Forward different ports from the same VIP to multiple servers behind.
    • Be able to have different IP groups go over the same/different VIP (ie: x.10 - x.20 VIP1,  x.100 - x.200 VIP2, rest VIP3, pfSense itself normal WAN).

    You "can" have the same functionality with manual AoN rules as with 1:1 NAT, but you have a lot more options.
    IMO AoN rules together with normal portforwards (with aliases) is a "more proper way" of forwarding ports than 1:1 NAT.
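As an added illustration of the first-match rule order GruensFroeschli describes (this is not code from the thread or from pfSense): a small Python model of manual outbound NAT rules that reports which VIP a given source would leave through and flags rules that are shadowed by the ones above them. The LAN addresses, mail server and VIPs are constructed samples.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass
class OutboundRule:
    """One manual outbound NAT (AoN) rule: sources in [src_first, src_last] leave as translate_to."""
    src_first: str
    src_last: str
    translate_to: str

    def span(self):
        return int(ip_address(self.src_first)), int(ip_address(self.src_last))

def egress_ip(rules, src):
    """First match wins: walk top-down, return the VIP of the first rule containing src (None if none)."""
    a = int(ip_address(src))
    for r in rules:
        lo, hi = r.span()
        if lo <= a <= hi:
            return r.translate_to
    return None

def _covered(spans, lo, hi):
    # True if [lo, hi] lies entirely inside the union of the given (start, end) spans.
    pos = lo
    for a, b in sorted(spans):
        if a > pos:
            break
        if b >= pos:
            pos = b + 1
        if pos > hi:
            return True
    return pos > hi

def shadowed(rules):
    """Indices of rules that can never match because the rules above them cover their whole source range."""
    return [i for i, r in enumerate(rules)
            if _covered([p.span() for p in rules[:i]], *r.span())]

# Constructed sample: LAN 192.0.2.0/24, mail server 192.0.2.25, VIPs in 203.0.113.0/24.
MAIL_VIP = "203.0.113.25"
BROKEN = [  # catch-all on top: the mail rule below it is dead, mail leaves via the first VIP
    OutboundRule("192.0.2.0", "192.0.2.255", "203.0.113.1"),
    OutboundRule("192.0.2.25", "192.0.2.25", MAIL_VIP),
]
FIXED = [  # specific rules first, catch-all last (x.10-x.20 VIP1, x.100-x.200 VIP2, rest VIP3)
    OutboundRule("192.0.2.25", "192.0.2.25", MAIL_VIP),
    OutboundRule("192.0.2.10", "192.0.2.20", "203.0.113.10"),
    OutboundRule("192.0.2.100", "192.0.2.200", "203.0.113.100"),
    OutboundRule("192.0.2.0", "192.0.2.255", "203.0.113.1"),
]
```

Running `shadowed()` over an exported rule set is a quick way to catch a catch-all rule that has been dragged above the per-server rules.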

