Mail server traffic through alternate IP?
-
Hello,
I have 8 IPs allocated. Right now, all traffic goes out through the first one and I have several services running inbound on the others.
I have a mail server and reverse DNS configured on one IP. The problem is, outgoing mail goes out the first IP and the HELO message does not match.
I have tried enabling advanced outbound NAT and sending all traffic from that server out the correct IP but cannot figure it out.
Any advice on setting up such a config?
-
Can you show a screenshot of your AoN rules?
The rule order is important (from top to bottom; if a rule matches, the rest below is not considered).
-
> Can you show a screenshot of your AoN rules?
> The rule order is important (from top to bottom; if a rule matches, the rest below is not considered).
That seemed to be the problem, thanks!
What is the high-level difference between AoN and 1to1 NAT?
-
1:1 NAT creates an AoN rule behind the scenes and also applies the "static port" option to outbound connections.
You allow traffic from and to the 1:1 NATed device with the firewall rules.
You now cannot use this VIP for anything else.
With AoN you can create more granular rules.
- Have outbound traffic over a certain VIP but still have the option to scramble outbound ports.
- Forward different ports from the same VIP to multiple servers behind.
- Be able to have different IP groups go over the same/different VIP (i.e.: x.10 - x.20 VIP1, x.100 - x.200 VIP2, rest VIP3, pfSense itself normal WAN).
You "can" have the same functionality with manual AoN rules as with 1:1 NAT, but you have a lot more options.
IMO AoN rules together with normal port forwards (with aliases) is a "more proper way" of forwarding ports than 1:1 NAT.
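-
Added example, not written by any poster in this thread: a small Python model of the top-down, first-match evaluation described above, showing how a broad LAN rule placed above the mail server's rule sends mail out the wrong IP, and flagging rules that can never match. The `Rule` class, the function names and all addresses are constructed for illustration, and matching is simplified to the source network only (real rules also match interface, protocol, destination and port).

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    source: str        # source network (CIDR) the rule matches
    translate_to: str  # address outbound traffic is rewritten to
    descr: str = ""


def first_match(rules, src_ip):
    """Return the first rule, top to bottom, whose source contains src_ip."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule.source):
            return rule
    return None


def shadowed(rules):
    """Return (rule, earlier_rule) pairs where earlier_rule always wins."""
    hits = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.source)
        for earlier in rules[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier.source)):
                hits.append((rule, earlier))
                break
    return hits


# Constructed sample: LAN 192.168.1.0/24, mail server at 192.168.1.25,
# first WAN IP 203.0.113.2, mail VIP (the one with reverse DNS) 203.0.113.5.
LAN_RULE = Rule("192.168.1.0/24", "203.0.113.2", "LAN to first WAN IP")
MAIL_RULE = Rule("192.168.1.25/32", "203.0.113.5", "mail server to mail VIP")

BROKEN = [LAN_RULE, MAIL_RULE]  # broad rule on top: mail rule never matches
FIXED = [MAIL_RULE, LAN_RULE]   # specific rule on top

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        egress = first_match(rules, "192.168.1.25").translate_to
        print(f"{name}: mail server leaves via {egress}")
        for rule, earlier in shadowed(rules):
            print(f"  '{rule.descr}' is shadowed by '{earlier.descr}'")
```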