Problems with dual wan and port forwarding

fricardo

Hello all,

I have this scenario:

WAN interface (DHCP)
–-----

\       
  ---------| pfsense box  |
  ---------|                      |------------> DMZ
/    
/

OPT1 interface - WAN2 (Static)

I have a mail server with internal address in DMZ and I did a port forwarding to redirect the traffic going in the TCP/UDP port 25 at OPT1 interface. In this NIC I've set the external address of my mailserver and I redirect my SMTP traffic. Then, my mail server send messages normally but the messages don't arrive. I did some tests via dnsreport.com but they fail (don't get connection with the server). When I do the same configuration with the wan address the redirecting is successfull.

Any ideas to resolve this case?

Francisco Ricardo

dotdash

How are you testing via dnsreport unless you have an MX pointing to that IP? I would first try to telnet to port 25 from an outside location to the IP to verify. The setup seems valid (although you only need TCP for SMTP) Verify the alias IP is attached to the correct interface and the firewall rule is open on the OPT1 interface…

fricardo

thanks for you reply dotdash,

I've tested via dnsreport because I have a MX to the OPT1 address. Before, the mailserver was using the address, but now the server has an internal address with the external address in pfsense box  doing port forward. I'm using port forward with the option of firewall rules creation marked.

I've tested with an telnet in the smtp port at OPT1 and got wrong. With the port forward in WAN interface …. success!

Very strange

I need more help ... please!

Francisco Ricardo

hoba

Show us your rules and forwards. I have the same setup like you at the office with 2 mx entries, one pointing to the wan, the other pointing to the optwan and it works fine.

fricardo

Hello hoba … thanks. My forward is here ....

WAN2  TCP/UDP  25 (SMTP)  100.100.100.46                25 (SMTP) E-mail mapping
                                                      (ext.: 200.241.xx.xxxx )

and the rules was created automatically by the pfsense.

At LAN interface:

TCP/UDP  100.100.100.46  *  *  25 (SMTP)  200.241.xx.xxx  NAT mail mapping

and at OPT2/WAN2 interface ....

TCP/UDP  *  *  *  25 (SMTP)  *  NAT mail mapping

I´m waiting for more help.

Thanks,

Francisco Ricardo
Natal/RN - Brazil

hoba

Can you change your rules to only use tcp (portforwards as well as firewallrules)? Ther just was another thread where somone seemed to have a problem with tcp/udp rules. Maybe we have a bug hiding somewhere. Mailtraffic at port 25 (SMTP) is TCP only.

fricardo

Thanks hoba …

I´ll testing tomorrow and I´ll posting the results.

Francisco Ricardo

Natal-RN / Brazil

fricardo

Thanks for help hoba!!

The problem was resolved … I do SMTP port forward with TCP only and ... get right  :). My MX registry is pointing to my OPT1 (WAN2) interface and now mail server is working correctly.

Francisco Ricardo
Natal/RN - Brazil