  • Hi,

    I am a newbie with pfSense. I just want to know if I can set up another public IP address we have to use for sending email. Right now, when we send email, the IP address reflected in the email header is the pfSense WAN IP address.

    Is there a way to set up pfSense so that when we send email it uses a different IP address that we have?

  • I'm not totally sure since I've not done it but you might try setting up Virtual IPs with a couple of your public IPs. After that I think you could use AON (Advanced Outbound NAT) to set traffic coming from your mail server to originate out of the IP you want and all other traffic can use another IP.

  • If you have more than one public IP address then look at the CARP/VIP forum for configuring those IP addresses.  Then look at the Routing and Multi WAN forum for details of how to control how traffic leaves your network.

  • Rebel Alliance Developer Netgate

    You could do 1:1 NAT for that extra public IP and the mail server IP to get that done. Usually 1:1 is best for mail servers.

    Or just set up your other public IP as a Virtual IP under Firewall > Virtual IPs, switch to manual outbound NAT, and then set a rule for just the outbound traffic from the mail server IP to NAT out on that virtual IP.

  • Thank you guys, I really appreciate your prompt reply. So what would you suggest is the best practice and more reliable for this kind of setup?

  • Rebel Alliance Developer Netgate

    In that situation, I would use 1:1 NAT for the mail server and ensure it is the only thing using that IP (no other port forwards on it).

  • Thanks, I am not familiar with 1:1 NAT, although I read some forum posts on how to implement it and it seems like you need a separate interface to do it. Also, for implementing AON it stated that only the mappings you specify will be used. I am pretty careful about changing anything yet, as our pfSense is the live firewall. However, just to give you an idea of our current setup, maybe you can recommend what would be the easiest and most reliable setup.

    This is my current setup:

  • I have 4 network cards on my pfSense box

    WAN - Connected to the switch where the switch was connected to the modem going to the internet.
    LAN - Connected to our local Network Switch.
    OPT1 - Used in CARP connected to the other pfsense box opt1.
    DMZ - Bridged to WAN (connected to the other switch where our FTP server is connected using a public IP address).

    All rules have been set up only on the WAN interface.

    We also have OpenVPN and IPSec setup on this box.

  • 1:1 NAT does not require an additional interface.

    1:1 NAT is as its name implies - 1:1 NAT means "One to One NAT" - one internal IP address mapped directly to one external IP address - all outbound traffic from that internal IP address will be NAT mapped to the external IP - and all internet traffic going to that external IP address will be NATed in to the internal IP address.

    This means you need to be careful with your firewall rules, as this is roughly equivalent to doing a "port forward" for all ports.

    JimP was suggesting you ensure you're not already doing any 'port forwards' using the IP address in question.  If you are, but they're going to go to this same internal IP address, you can remove them and add the 1:1 NAT mapping instead.

    Advanced Outbound NAT is also a perfectly acceptable option - this is entirely dependent on your needs.
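
The two options discussed above and the caution about firewall rules, sketched in plain pf.conf syntax as an added example that is not part of the original posts. pfSense builds its ruleset from the GUI, so this only illustrates the effect; the interface name and all addresses are constructed placeholders.

```pf
# Constructed placeholders: interface name and addresses are not from the thread.
ext_if   = "em0"             # WAN interface (assumed name)
mail_int = "192.168.1.10"    # mail server's internal address (assumed)
mail_ext = "203.0.113.25"    # extra public IP reserved for mail (documentation range)

# Option A: 1:1 NAT. Bidirectional: the mail server leaves as $mail_ext,
# and every packet sent to $mail_ext is rewritten to $mail_int.
binat on $ext_if from $mail_int to any -> $mail_ext

# Option B (instead of A): outbound-only NAT, the manual outbound NAT approach.
# Nothing inbound is mapped unless a separate port forward exists.
# nat on $ext_if from $mail_int to any -> $mail_ext

# Filter rules. Translation happens before filtering, so inbound rules
# match the internal address, not the public one.
block in log on $ext_if all

# Too broad with Option A: exposes every port on the mail server.
# pass in on $ext_if from any to $mail_int

# Scoped: only SMTP reaches the mail server from the internet.
pass in on $ext_if proto tcp from any to $mail_int port 25 flags S/SA keep state
```

With Option A the filter rule is the only thing limiting what reaches the mail server on the public IP, which is why the pass rule names a single protocol and port.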

  • Thanks overrand,

    If I am going to set up 1:1 NAT, do I have to remove the port forward that I previously set up for this specific external IP? Also, how do I set up firewall rules on 1:1 NAT?