Problems with dual wan and port forwarding
I have this scenario:
WAN interface (DHCP) ----------------|             |
                                     | pfsense box |------------> DMZ
OPT1 interface - WAN2 (Static) ------|             |
I have a mail server with an internal address in the DMZ and I did a port forward to redirect the traffic going to TCP/UDP port 25 at the OPT1 interface. On this NIC I've set the external address of my mail server and I redirect my SMTP traffic. Then, my mail server sends messages normally, but the messages don't arrive. I did some tests via dnsreport.com but they fail (don't get a connection with the server). When I do the same configuration with the WAN address the redirecting is successful.
Any ideas to resolve this case?
How are you testing via dnsreport unless you have an MX pointing to that IP? I would first try to telnet to port 25 from an outside location to the IP to verify. The setup seems valid (although you only need TCP for SMTP) Verify the alias IP is attached to the correct interface and the firewall rule is open on the OPT1 interface…
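The "telnet to port 25 from an outside location" check suggested in the reply above, written out as a small Python probe so the result can be recorded rather than eyeballed. This is an added example, not code from the thread or from pfSense: smtp_banner() opens a plain TCP connection and reads the SMTP greeting, and a 220 reply means the alias IP, the port forward and the pass rule all work end to end for TCP. The greeting-only server at the bottom is a constructed stand-in so the example runs offline; a real check targets the published OPT1/WAN2 address from a host outside the firewall.

```python
import socket
import socketserver
import threading

# Added example, not from the thread: the "telnet to port 25 from outside"
# check done in code. A real run targets the public OPT1/WAN2 address from
# outside the firewall; the loopback server below is a constructed stand-in.


def smtp_banner(host, port=25, timeout=5.0):
    """Connect to host:port over TCP and return the 3-digit SMTP reply code
    from the greeting, or None if the connection fails or no banner arrives."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = sock.recv(512)
    except OSError:
        return None
    first_line = data.decode("ascii", errors="replace").split("\r\n", 1)[0]
    code = first_line[:3]
    return code if code.isdigit() else None


def forward_works(host, port=25, timeout=5.0):
    """True when the published address answers with a service-ready (220) greeting."""
    return smtp_banner(host, port, timeout) == "220"


# --- Constructed stand-in for the mail server, so the example runs offline ---

class _GreetingOnlyHandler(socketserver.BaseRequestHandler):
    """Sends one SMTP greeting and closes; enough to exercise the probe."""

    def handle(self):
        self.request.sendall(b"220 mail.example.test ESMTP ready\r\n")


def start_fake_smtp(bind="127.0.0.1"):
    """Start a throwaway greeting server on an ephemeral port; returns (server, port)."""
    server = socketserver.TCPServer((bind, 0), _GreetingOnlyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def closed_port(bind="127.0.0.1"):
    """Reserve and release an ephemeral port so a connect to it is refused."""
    with socket.socket() as sock:
        sock.bind((bind, 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    server, port = start_fake_smtp()
    print("banner code:", smtp_banner("127.0.0.1", port))     # 220
    print("forward works:", forward_works("127.0.0.1", port))  # True
    server.shutdown()
    server.server_close()
    print("closed port:", forward_works("127.0.0.1", closed_port()))  # False
```

Run it from outside the firewall against the alias address on OPT1/WAN2; a None result with the same probe succeeding against the WAN address points at the rule or alias on OPT1 rather than at the mail server.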
Thanks for your reply dotdash,
I've tested via dnsreport because I have an MX to the OPT1 address. Before, the mail server was using the address, but now the server has an internal address with the external address on the pfSense box doing port forward. I'm using port forward with the option of firewall rules creation marked.
I've tested with a telnet to the SMTP port at OPT1 and it went wrong. With the port forward on the WAN interface …. success!
I need more help ... please!
Show us your rules and forwards. I have the same setup like you at the office with 2 mx entries, one pointing to the wan, the other pointing to the optwan and it works fine.
Hello hoba … thanks. My forward is here ....
WAN2 TCP/UDP 25 (SMTP) 100.100.100.46 25 (SMTP) E-mail mapping
(ext.: 200.241.xx.xxxx )
and the rules were created automatically by pfSense.
At LAN interface:
TCP/UDP 100.100.100.46 * * 25 (SMTP) 200.241.xx.xxx NAT mail mapping
and at OPT2/WAN2 interface ....
TCP/UDP * * * 25 (SMTP) * NAT mail mapping
I'm waiting for more help.
Natal/RN - Brazil
Can you change your rules to only use TCP (port forwards as well as firewall rules)? There was just another thread where someone seemed to have a problem with TCP/UDP rules. Maybe we have a bug hiding somewhere. Mail traffic at port 25 (SMTP) is TCP only.
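The two points raised in the replies (SMTP on port 25 is TCP only, and the forward needs a matching pass rule on the same interface) as a small rule linter. This is an added example, not code from the thread or from pfSense: the rule entries are plain dicts constructed from the values the poster listed, the field names are this example's own, and narrow_to_tcp() applies the change hoba asks for so the linted result can be compared before and after.

```python
# Added example, not from the thread: a linter for pfSense-style port-forward
# and firewall-rule entries, encoding the two checks from the replies above.
# Field names (iface, proto, dst_port, target, ...) are this example's own.

# Services that run over TCP only; a TCP/UDP rule for them is at best noise.
TCP_ONLY_SERVICES = {25: "SMTP", 22: "SSH", 80: "HTTP", 443: "HTTPS"}


def _protocols(proto):
    """Expand a protocol label such as 'TCP/UDP' into the set {'TCP', 'UDP'}."""
    return set(proto.upper().split("/"))


def lint_rules(forwards, firewall_rules):
    """Return a list of findings (strings); an empty list means nothing to fix."""
    findings = []
    for fwd in forwards:
        protos = _protocols(fwd["proto"])
        port = fwd["dst_port"]
        label = f"forward {fwd['iface']} {fwd['proto']}/{port} -> {fwd['target']}"
        if port in TCP_ONLY_SERVICES and "UDP" in protos:
            findings.append(
                f"{label}: {TCP_ONLY_SERVICES[port]} is TCP only; use TCP, not {fwd['proto']}"
            )
        # A forward does nothing without a pass rule on the same interface that
        # admits every forwarded protocol to the internal target and port.
        covered = any(
            rule["iface"] == fwd["iface"]
            and protos <= _protocols(rule["proto"])
            and rule["dst_port"] in (fwd["target_port"], "*")
            and rule["dst"] in (fwd["target"], "*")
            for rule in firewall_rules
        )
        if not covered:
            findings.append(f"{label}: no matching pass rule on interface {fwd['iface']}")
    return findings


def narrow_to_tcp(entries):
    """Copy of forwards or rules with TCP/UDP narrowed to TCP for TCP-only services."""
    out = []
    for entry in entries:
        entry = dict(entry)
        if entry["dst_port"] in TCP_ONLY_SERVICES and "UDP" in _protocols(entry["proto"]):
            entry["proto"] = "TCP"
        out.append(entry)
    return out


# Constructed from the entries the poster listed: the DMZ host 100.100.100.46
# and the auto-created pass rule on the second WAN interface.
POSTED_FORWARDS = [
    {"iface": "WAN2", "proto": "TCP/UDP", "dst_port": 25,
     "target": "100.100.100.46", "target_port": 25, "descr": "E-mail mapping"},
]
POSTED_RULES = [
    {"iface": "WAN2", "proto": "TCP/UDP", "src": "*", "dst": "*",
     "dst_port": 25, "descr": "NAT mail mapping"},
]


if __name__ == "__main__":
    for finding in lint_rules(POSTED_FORWARDS, POSTED_RULES):
        print("as posted:", finding)
    fixed = lint_rules(narrow_to_tcp(POSTED_FORWARDS), narrow_to_tcp(POSTED_RULES))
    print("after narrowing to TCP:", fixed or "no findings")
```

As posted, the only finding is the TCP/UDP protocol on the SMTP forward; dropping the pass rule from the input produces the second finding, which is the case to check when the alias IP or rule ended up on a different interface than the forward.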
Thanks hoba …
I'll test tomorrow and I'll post the results.
Natal-RN / Brazil
Thanks for help hoba!!
The problem was resolved … I did the SMTP port forward with TCP only and ... got it right :). My MX record is pointing to my OPT1 (WAN2) interface and now the mail server is working correctly.
Natal/RN - Brazil