Problem forwarding public IP from interface connected via cross-cable to server

  • Hi, thanks in advance,

    pfSense version:
    2.0-BETA5 (i386)
    built on Fri Feb 18 05:24:52 EST 2011

    It has three interfaces: rl0, rl1 & rl2.
    rl0 is WAN with a public IP connected to the router, and the GW is the public IP of the router interface.
    rl1 is LAN (Internet connection is working).

    rl2 (MAIL) has a public IP and is connected to the mail server with a public IP via a crossed cable.

    How do I create rules so that the mail server can be accessed from the internet and LAN?

    • Outbound NAT is set to manual. There is no NATing on the rl2 (MAIL) interface.

    • Firewall rules created are:
      * allow any to mailserver-ip from LAN and WAN
      * allow mailserver-ip to any from the rl2 (MAIL) interface.

    What GW should I put on the rl2 (MAIL) interface?

    Thanks and kind regards.

  • Not sure your setup will work.
    The usual way to do this is to add the IP address you have assigned to rl2 as a virtual IP address to the public interface rl0, then set up an RFC 1918 DMZ subnet off of rl2 hosting your mail, web etc.
    You can then set up port forwarding (25 for SMTP, 110 for POP3) through to the mail server in the DMZ. If all you intend to have is the one server then a 1:1 NAT will do the job. Just add the rules to allow access on the required ports for both the WAN and LAN interfaces, or allow pfSense to create them at the same time as the NAT/port forwarding is created.

    I should also have said that allowing any traffic on any port through to your mail server is a very bad idea.

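The layout suggested in the reply, sketched as an added example in plain pf.conf syntax of the FreeBSD-era pf that pfSense 2.0 is built on. It is not part of the original posts and not the ruleset pfSense generates from its GUI. The addresses are constructed placeholders, the DNS rule is an assumption, and the LAN's own internet rules are left out.

```pf
# Constructed example: interface names come from the thread, addresses are placeholders.
wan_if     = "rl0"            # WAN, holds the public addresses
lan_if     = "rl1"            # LAN
dmz_if     = "rl2"            # MAIL, renumbered as an RFC 1918 DMZ
mail_vip   = "203.0.113.10"   # placeholder: public IP moved from rl2 to a virtual IP on rl0
mail_srv   = "192.168.50.10"  # placeholder: mail server's private DMZ address
mail_ports = "{ 25, 110 }"    # SMTP and POP3, the ports named in the reply

# --- Translation rules (pf requires these before the filter rules) ---
# Option A: port forwarding of the mail ports only.
rdr on $wan_if proto tcp from any to $mail_vip port $mail_ports -> $mail_srv
# Outbound traffic from the mail server leaves with the same public IP.
nat on $wan_if from $mail_srv to any -> $mail_vip
# Option B (single server): 1:1 NAT instead of the rdr/nat pair above.
# binat on $wan_if from $mail_srv to any -> $mail_vip

# --- Filter rules ---
block in log all
pass out all keep state

# Weak: the "allow any to mailserver-ip" rule from the question exposes every
# port on the server to the internet.
# pass in on $wan_if from any to $mail_srv

# Corrected: only the mail ports. rdr runs before filtering, so the rule
# matches the translated (private) destination address.
pass in on $wan_if proto tcp from any to $mail_srv port $mail_ports keep state
pass in on $lan_if proto tcp from $lan_if:network to $mail_srv port $mail_ports keep state

# Mail server outbound: SMTP delivery, plus DNS lookups (assumption).
pass in on $dmz_if proto tcp from $mail_srv to any port 25 keep state
pass in on $dmz_if proto { tcp, udp } from $mail_srv to any port 53 keep state
```

With Option B the filter rules stay the same: binat maps every port to the server, so the port-restricted pass rules are what keep the exposure limited to 25 and 110.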