Netgate Discussion Forum

    Creating another IP address to use in email

      Tony

      Hi,

      I am a newbie with pfSense. I just want to know if I can set up another public IP address we have to use for sending email. Right now, when we send email, the IP address reflected in the email header is the pfSense WAN IP address.

      Is there a way to set up pfSense so that when we send email it uses a different IP address that we have?

        focalguy

        I'm not totally sure since I've not done it but you might try setting up Virtual IPs with a couple of your public IPs. After that I think you could use AON (Advanced Outbound NAT) to set traffic coming from your mail server to originate out of the IP you want and all other traffic can use another IP.

          Cry Havok

          If you have more than one public IP address then look at the CARP/VIP forum for configuring those IP addresses.  Then look at the Routing and Multi WAN forum for details of how to control how traffic leaves your network.

            jimp Rebel Alliance Developer Netgate

            You could do 1:1 NAT for that extra public IP and the mail server IP to get that done. Usually 1:1 is best for mail servers.

            Or just set up your other public IP as a Virtual IP under Firewall > Virtual IPs, switch to manual outbound NAT, and then set a rule for just the outbound traffic from the mail server IP to NAT out on that virtual IP.

              Tony

              Thank you guys, I really appreciate your prompt reply. So what would you suggest is the best practice and more reliable for this kind of setup?

                jimp Rebel Alliance Developer Netgate

                In that situation, I would use 1:1 NAT for the mail server and ensure it is the only thing using that IP (no other port forwards on it).

                  Tony

                  Thanks. I am not familiar with 1:1 NAT, although I read some forum posts on how to implement it, and it seems like you need a separate interface to do it. Also, for implementing AON, it stated that only the mappings you specify will be used. I am pretty careful about changing anything yet, as our pfSense is the live firewall; however, just to give you an idea of our current setup, maybe you can recommend what would be the easiest and most reliable setup.

                  This is my current setup:

                  [Attached image: pfsensenat.JPG]

                    Tony

                    I have 4 network cards on my pfSense box:

                    WAN - Connected to the switch where the switch was connected to the modem going to the internet.
                    LAN - Connected to our local Network Switch.
                    OPT1 - Used in CARP connected to the other pfsense box opt1.
                    DMZ - Bridge to WAN (connected to the other switch where our FTP server connected using public IP address).

                    All rules have been set up only on the WAN interface.

                    We also have OpenVPN and IPSec setup on this box.

                      overand

                      1:1 NAT does not require an additional interface.

                      1:1 NAT is as its name implies - 1:1 NAT means "One to One NAT" - one internal IP address mapped directly to one external IP address - all outbound traffic from that internal IP address will be NAT mapped to the external IP - and all internet traffic going to that external IP address will be NATed in to the internal IP address.

                      This means you need to be careful with your firewall rules, as this is roughly equivalent to doing a "port forward" for all ports.

                      JimP was suggesting you ensure you're not already doing any 'port forwards' using the IP address in question.  If you are, but they're going to go to this same internal IP address, you can remove them and add the 1:1 NAT mapping instead.

                      Advanced Outbound NAT is also a perfectly acceptable option - this is entirely dependent on your needs.

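A small audit of the points in the post above, as an added example that is not part of the original thread and not pfSense's own code: it models a 1:1 mapping, flags port forwards that share its external IP, and reports which inbound ports the WAN rules leave open through it. All addresses and rule lists are constructed, and the model assumes WAN pass rules are written against the internal (post-NAT) address.

```python
# Constructed sample config using documentation/private addresses (assumptions).
WAN_IP = "203.0.113.2"
ONE_TO_ONE = {"203.0.113.10": "192.168.1.25"}   # external IP -> mail server
PORT_FORWARDS = [                               # (external IP, port, internal IP)
    ("203.0.113.10", 25, "192.168.1.25"),       # same target as the 1:1 mapping
    ("203.0.113.10", 8080, "192.168.1.40"),     # another host on the mail IP
    ("203.0.113.11", 21, "192.168.1.50"),       # unrelated external IP
]
WAN_PASS_RULES = [                              # (internal destination, port or "any")
    ("192.168.1.25", 25),
    ("192.168.1.25", "any"),                    # too broad for a 1:1 mapped host
]

def audit_port_forwards(one_to_one, forwards):
    """Classify port forwards that reuse an external IP covered by 1:1 NAT."""
    findings = []
    for ext, port, target in forwards:
        if ext not in one_to_one:
            continue
        # Same internal target: the 1:1 mapping already covers it, so it can go.
        # Different target: the IP is no longer dedicated to the mail server.
        kind = "redundant" if one_to_one[ext] == target else "conflict"
        findings.append((kind, ext, port, target))
    return findings

def exposed_ports(one_to_one, pass_rules):
    """Inbound ports reachable via each 1:1 external IP, given WAN pass rules."""
    exposure = {}
    for ext, internal in one_to_one.items():
        ports = {p for dst, p in pass_rules if dst == internal}
        exposure[ext] = "all" if "any" in ports else sorted(ports)
    return exposure

def outbound_source(one_to_one, wan_ip, src):
    """Source address the Internet sees for traffic from an internal host."""
    internal_to_ext = {internal: ext for ext, internal in one_to_one.items()}
    return internal_to_ext.get(src, wan_ip)

if __name__ == "__main__":
    for finding in audit_port_forwards(ONE_TO_ONE, PORT_FORWARDS):
        print("port forward:", finding)
    print("inbound exposure:", exposed_ports(ONE_TO_ONE, WAN_PASS_RULES))
    print("mail server leaves as:", outbound_source(ONE_TO_ONE, WAN_IP, "192.168.1.25"))
    print("other host leaves as:", outbound_source(ONE_TO_ONE, WAN_IP, "192.168.1.77"))
```
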
                        Tony

                        Thanks overand,

                        If I am going to set up 1:1 NAT, do I have to remove the port forward that I previously set up for this specific external IP? Also, how do I set up firewall rules on 1:1 NAT?

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.