Mail server behind pfsense



  • All,

    I have a Mac OSX Snow Leopard Server running behind a pfsense router. I can access the mail server and webmail just fine when I am outside of the network that the mail server is on using mail.example.com or webmail.example.com.
    However, when I go on the network that the mail server is connected to and attempt to check my email or go to webmail, I can't connect.
    When I ping the domain name webmail.example.com or mail.example.com it replies with the public WAN IP of my connection. The IP address is correct.

    So I tried adding a CNAME on my Mac DNS server for webmail.example.com and mail.example.com pointing to the server's internal IP address of 192.168.200.3, but when I ping (even on the server), the IP returned is the public WAN IP address still.

    Does anyone have any suggestions?



  • What you are trying to set up with the DNS is split-DNS and it is the recommended way of solving this problem.  The fact that it isn't working indicates you have something misconfigured not related to pfsense.  If you can't figure that out (and this is not the best forum to ask Snow Leopard questions), you could try deleting the DNS entry and enabling NAT reflection on the pfsense.



  • @danswartz:

    What you are trying to set up with the DNS is split-DNS and it is the recommended way of solving this problem.  The fact that it isn't working indicates you have something misconfigured not related to pfsense.  If you can't figure that out (and this is not the best forum to ask Snow Leopard questions), you could try deleting the DNS entry and enabling NAT reflection on the pfsense.

    I set up split-DNS on the router. I was handing out 192.168.200.3 for DNS in the DHCP server settings of pfSense. I changed that to 192.168.200.1, however.
    It appears to be working now.

    The reason it wasn't working on my DNS server is because I only had a primary zone of internal.company.com. So when I added a record for mail.example.com, I think it was taking it as mail.example.com.internal.company.com. When I created a primary zone for just company.com, it worked fine. Although I didn't like that solution because it broke the internal clients from reaching the public web page of www.company.com. Yes, I could have made a host record pointing to the website IP, but unfortunately they use virtual hosting and the IP that's returned in a ping only brings up the hosting company's default landing page for websites saying this page is under construction.

    Thanks for pointing me in the right direction!
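
The zone-origin behaviour described in the post above, as an added example that is not part of the original thread: in standard zone-file syntax an owner name without a trailing dot is relative, so the zone origin is appended to it. The zone text, the `qualify` and `audit` helpers and the TLD list are constructed for illustration.

```python
# Added example: how a zone-file owner name is qualified against the zone origin.
# SAMPLE_ZONE is constructed; the names and address mirror those in the thread.
SAMPLE_ZONE = """\
$ORIGIN internal.company.com.
server               IN A 192.168.200.3   ; relative, as intended
mail.example.com     IN A 192.168.200.3   ; relative by accident (no trailing dot)
webmail.example.com. IN A 192.168.200.3   ; absolute, but outside this zone
"""

# Illustrative set only: used to guess that a relative name was meant as an FQDN.
LIKELY_TLDS = {"com", "net", "org"}


def qualify(owner, origin):
    """Return the fully qualified name a server derives from an owner field."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner            # already absolute, used as written
    return f"{owner}.{origin}"  # relative: the origin is appended


def audit(zone_text):
    """Return (owner, fqdn, status) per record; assumes one record per line with an owner."""
    origin, results = None, []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if origin is None:
            raise ValueError("record seen before $ORIGIN")
        owner = fields[0].lower()
        fqdn = qualify(owner, origin)
        if fqdn != origin and not fqdn.endswith("." + origin):
            status = "out-of-zone"            # this zone is not authoritative for it
        elif not owner.endswith(".") and owner.rsplit(".", 1)[-1] in LIKELY_TLDS:
            status = "missing-trailing-dot"   # served under the origin, not as typed
        else:
            status = "ok"
        results.append((owner, fqdn, status))
    return results


if __name__ == "__main__":
    for owner, fqdn, status in audit(SAMPLE_ZONE):
        print(f"{owner:22} -> {fqdn:40} {status}")
```

Neither flagged record makes the internal server answer for mail.example.com: the relative form is served under the internal zone's name, and the absolute form lies outside the zone the server is authoritative for.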



  • Seems like a similar problem I am/was having
    http://forum.pfsense.org/index.php/topic,23661.0.html

