    1:1 NAT entry for email servers

    • M
      mrbostn last edited by

      Yesterday I had an issue with my email server. It's working now but I'm trying to understand what happened.

      I'm running PF 2.0.1.
      I came into work yesterday and was told email was down. I RDP'd into the server and it looked normal. Then I tried to open a web page and nothing. Page not found.

      It felt like a DNS issue. For hours I dug into the DNS; nothing worked. I then set the email server to DHCP and bam, I got internet. Crazy. Back to static IP and no internet.

      This all started at 9am. At 1pm I started to look at pfSense. I had not touched it in a month since I installed the country block.
      I disabled that, nothing.

      I started toying with rules, nothing. I then deleted ALL the entries including the 1:1 NAT. At that time I noticed a pattern. When the 1:1 NAT entry was deleted, Internet worked.

      So I deleted ALL the rules, recreated them except the 1:1 NAT entry, and everything is working. Email flows in and out.

      I thought inbound email would fail without the 1:1 NAT but everything is working. Can anyone shed some light on this?
      Thank you

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Why did you think you needed a 1:1?

        Your email server needs 25 sent to it, and any other possible protocols you want to allow like pop or imap, etc.

        Do you have multiple public IPs on the wan of pfsense that you want to make sure your email server was associated with a specific one of those?

        As long as port 25 is forwarded to your email server, then inbound email should work just fine.

        Did your wan IP change?  You say it worked when you put the email server on dhcp, well that would have removed it from the 1:1 nat.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 22.05 | Lab VMs CE 2.6, 2.7

        • M
          mrbostn last edited by

          Yes, I have multiple IPs. WAN IP is static... one of which is assigned to the email server. I thought I needed a 1:1 NAT for an email server with an assigned IP, which is why I created the 1:1 entry.

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            yeah if you're going to want to have traffic from this server come from one of your specific IPs.. Does it send mail?  Then sure 1:1 would do that.  But as far as 25 to it, that has nothing to do with a 1:1 – 1:1 would be for outbound traffic from 1 of your IPs when coming from that inside box.  Or sending ALL traffic from specific IP to specific inside IP, etc.

            Not really required to run a mail server to be honest..  As long as mail is sent to one of your public IPs and you forward to your mail server that would work for inbound.  And for outbound, as long as your IP is not listed as dynamic and you have PTR for it - it should be able to send email, no reason to specifically lock it down to 1 of your public IPs to be honest.

            1 Reply Last reply Reply Quote 0
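
The difference johnpoz describes, written as pf translation rules (pf is the packet filter pfSense is built on). This is an added example, not part of the original posts and not taken from the poster's firewall; the interface name and every address below are constructed.

```conf
# Constructed values (not from the thread): documentation addresses, example interface.
ext_if   = "em0"             # WAN interface (assumed name)
wan_ip   = "203.0.113.2"     # primary WAN address
mail_pub = "203.0.113.10"    # additional public IP assigned to the mail server
mail_int = "192.168.1.10"    # mail server's static LAN address
lan_net  = "192.168.1.0/24"

# --- Option A: 1:1 NAT (binat) ---
# Bidirectional mapping: every inbound port on mail_pub is translated to
# mail_int, and everything mail_int sends leaves with mail_pub as source.
# It only applies while the server actually uses the mail_int address.
binat on $ext_if from $mail_int to any -> $mail_pub

# --- Option B: port forward only (use instead of Option A) ---
# Inbound: only TCP 25 arriving on mail_pub is redirected to the server.
rdr on $ext_if proto tcp from any to $mail_pub port 25 -> $mail_int
# Outbound: the server shares the general outbound NAT with the rest of
# the LAN, so its traffic leaves from wan_ip rather than mail_pub.
nat on $ext_if from $lan_net to any -> $wan_ip

# --- Filter rule needed with either option ---
# Translation happens before filtering, so the rule matches the internal
# address. Without it the translated SMTP connection is still blocked.
pass in on $ext_if proto tcp from any to $mail_int port 25 flags S/SA keep state
```

With Option A every port on the public address is translated to the server, so the filter rules alone decide what is reachable; Option B exposes only the forwarded port. With Option B the PTR record has to exist for the address the mail actually leaves from, which is wan_ip in this sketch.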
            • M
              mrbostn last edited by

              @johnpoz:

              yeah if you're going to want to have traffic from this server come from one of your specific IPs.. Does it send mail?  Then sure 1:1 would do that.  But as far as 25 to it, that has nothing to do with a 1:1 – 1:1 would be for outbound traffic from 1 of your IPs when coming from that inside box.  Or sending ALL traffic from specific IP to specific inside IP, etc.

              Not really required to run a mail server to be honest..  As long as mail is sent to one of your public IPs and you forward to your mail server that would work for inbound.  And for outbound, as long as your IP is not listed as dynamic and you have PTR for it - it should be able to send email, no reason to specifically lock it down to 1 of your public IPs to be honest.

              Well, everything is working now since I deleted the 1:1 mapping. I just don't know why everything came to a halt suddenly when nothing on my end was changed. I had the 1:1 mapping working for months.

              Thank you for your input.

              Enjoy the weekend.
