  • We have 2 WAN connections – one is protected by pfSense and the other one with Fortigate. The email server uses the Fortigate as its gateway. I wanted to create a redundancy for inbound mail -- allow both firewalls to accept SMTP. Is this possible?

    That wouldn't work, really, unless both WANs were hooked directly into pfSense.

    When pfSense has a port forward into a local server on two WANs, it uses pf's reply-to tag to know which WAN the traffic should go back out of, so it can leave the same way it came in.

    If you have two separate routers pushing traffic into one server, it wouldn't have any way to know which gateway to send the traffic out through; it would always use its default gateway.

  • Jimp is right. It will not work unless you are using ONE pf box for both the WANs.

  • Wouldn't it work if you do a normal port-forward on the pfSense and then add an outbound NAT rule to NAT all traffic from the WAN to the LAN?
    This way the traffic would look to the server as if it originates in the local subnet.

    It may work (if the other router is their default gateway) but you would lose all client information. All e-mail would appear to be connecting from the firewall, which may break any kind of trusted network or spam filtering setup that relies on having that information be accurate.
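
    As an added illustration (not from the thread or from pfSense itself), the pf rules below show the reply-to mechanism described above for a dual-WAN SMTP port forward, and the outbound NAT workaround from the last post. Interface names, the WAN gateway addresses and the mail server address are assumed.

    ```pf
    # Added example, not the thread's or pfSense's own configuration. Assumptions:
    #   em0 = WAN1 (gateway 203.0.113.1), em1 = WAN2 (gateway 198.51.100.1)
    #   em2 = LAN, mail server 10.0.0.25

    # Port forwards: rewrite the destination to the mail server on each WAN.
    rdr on em0 proto tcp from any to (em0) port 25 -> 10.0.0.25
    rdr on em1 proto tcp from any to (em1) port 25 -> 10.0.0.25

    # Filter rules with reply-to: the state records the interface and gateway
    # the connection arrived on, so the server's replies go back out that same
    # WAN instead of following pfSense's default route.
    pass in quick on em0 reply-to (em0 203.0.113.1) proto tcp \
        from any to 10.0.0.25 port 25 flags S/SA keep state
    pass in quick on em1 reply-to (em1 198.51.100.1) proto tcp \
        from any to 10.0.0.25 port 25 flags S/SA keep state

    # reply-to only helps when the server's replies pass through this pf box.
    # If the server's default gateway is another router, the replies never
    # reach pfSense and the forward on this WAN breaks.

    # Workaround from the thread: outbound NAT on LAN so the server sees the
    # connection coming from pfSense's LAN address and replies to it directly.
    # Cost: the original client IP is lost, so source-based spam filtering and
    # trusted-network checks on the mail server only ever see the firewall.
    nat on em2 proto tcp from any to 10.0.0.25 port 25 -> (em2)
    ```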