Probably simple, but I need help

  • So I have pfSense running. My static IP address is:

    My pfSense has 1 WAN and 2 LAN. On my LAN with IP range of I have 3 servers. (1 FreeRADIUS, 1 Freeside, 1 Mail server)
    I want my mail server to be the main mail server for my business as I am not happy with where it is currently being hosted, so..

    I know with where my domain name is hosted I can shoot the mail to my IP address, but I have absolutely no idea how to set up firewall rules so that all email gets to the mail server on my LAN.. I want to use this mail server for us inside the business to send and receive email, and also to work when we are outside the office via Webmail or POP & IMAP.

    How do I do this?

  • NAT reflection or split DNS are techniques you can apply if you have both servers and clients in the LAN

  • Thanks a lot for the reply.. I appreciate it.. but it may as well have been in Chinese.. didn't understand at all.

    I thought I was just going to need to know how to put a port forward to my mail server?

    As far as I understand, pfSense is my router.. in the past, with routers such as Cisco or SnapGear, I just needed to port forward the appropriate ports.. like 25 for Exchange.. and so on for POP and IMAP.. is that not the case with pfSense?

  • It should just be a case of setting up a port forwarding for port 25/TCP to your mail server's LAN IP for SMTP. Then you can use the MXToolbox diagnostics to check that it is working.

    Once you've got that right, create further rules for 110/TCP (POP3), 143/TCP (IMAP) and whatever port your webmail runs on (I'm guessing 80/TCP).

    You will however need to relay your outbound email through your ISP's mail server or a mail relay service. If you don't then most recipients will refuse your email.

  • Thanks for that. I will see how it goes.

    In my case I am the ISP so I am not sure how I will sort out that mail relay. I have a small WISP and a direct fiber link from a wholesaler.

  • Ah, in that case you need to ensure that the IP range you've been allocated isn't on the various RBLs as being a dialup range. You can check here and here.

  • My IPs are all good as far as the Spamhaus lookup goes

  • I'm doing what you want to do.
    Just set the rules for the ports mentioned above and also make adjustments to your DNS file
    so your IPs point to the right mail server
    and your MX record is set to the right level.
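
Added example (not from any poster in this thread): a small Python check that the port forwards discussed above (25, 110, 143, and the guessed 80 for webmail) actually reach the mail server, by connecting to each port and verifying the protocol greeting. The function names and the port table are assumptions made for this illustration.

```python
import socket
import sys

# Ports named in the thread. 80 for webmail is the poster's guess; change to suit.
MAIL_PORTS = {25: "SMTP", 110: "POP3", 143: "IMAP", 80: "webmail"}
# First bytes each plaintext mail protocol sends on connect.
GREETINGS = {"SMTP": b"220", "POP3": b"+OK", "IMAP": b"* OK"}


def probe(host, port, service, timeout=5.0):
    """Connect to one forwarded port and return (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", "connection refused; nothing is listening behind the forward"
    except socket.timeout:
        return "filtered", "connect timed out; packets are being dropped"
    except OSError as exc:
        return "error", str(exc)
    with sock:
        expected = GREETINGS.get(service)
        if expected is None:  # webmail: a completed TCP handshake is all we check
            return "ok", "TCP connect succeeded"
        try:
            banner = sock.recv(512)
        except OSError:  # includes a read timeout
            banner = b""
    if not banner:
        return "no-banner", "connected, but the server sent no greeting"
    line = banner.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return ("ok" if banner.startswith(expected) else "wrong-banner"), line


def check_forwards(host, ports=MAIL_PORTS, timeout=5.0):
    """Probe every port in `ports`; returns {port: (service, state, detail)}."""
    return {p: (svc, *probe(host, p, svc, timeout)) for p, svc in ports.items()}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_forwards.py <your WAN IP or MX hostname>")
    for port, (svc, state, detail) in check_forwards(sys.argv[1]).items():
        print(f"{port:>5}/tcp {svc:<8} {state:<12} {detail}")
```

Run it from a host outside your network: from inside the LAN, the WAN address only answers on forwarded ports if NAT reflection is enabled, so an inside test can fail even when the forwards are correct.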

