    Virtual IPs having emails rejected.

      jthoren last edited by

      We have several servers that are having emails rejected by other mail servers which are performing reverse lookups.

      When we ping the first IP in our scope we receive replies, and when pinging the rest of the IPs in our scope we are receiving TTL expired in transit.

      It appears when doing a trace route that the virtual ip trace will hit our external interface and then go back to the hop before and then back to the external interface when eventually it times out.

      Any assistance would be greatly appreciated.

      JT

        dotdash last edited by

        Could this be due to the source IP coming from the Interface and not from the VIP address? Try going to http://www.ipmonkey.com and checking the address. I discussed this in another post, it may be what you are looking for, even if it didn't help him out. http://forum.pfsense.org/index.php/topic,5213.msg31442.html#msg31442

          cmb last edited by

          It has nothing to do with pfsense at all. You need to get your ISP to configure appropriate reverse DNS entries for those IPs, preferably matching the A record on each IP.

            dotdash last edited by

            I've seen mail get bounced because the RR did not match the originating IP of the hostname in the HELO string. But that is a good point. A check with http://www.dnsreport.com on your domain will tell you if the provider has the reverse records set up correctly.

              jthoren last edited by

              Reverse DNS entries were added and verified. Looks more like pfsense config.

                jthoren last edited by

                Dotdash, your 1st reply looks like you are on track, and the post describes how it should be set up.

                I do find it odd that when we do a trace route to the virtual IP and not the primary, the trace is redirected to the hop before the primary IP and then back and forth until it times out. It is as if the firewall does not know it has multiple IPs assigned to it. Mail is working and traffic is passing, but certain domains are acting as if we are spamming due to the originating IPs being different.

                  sullrich last edited by

                  Use advanced outbound NAT to force the outgoing traffic from the internal IP to the correct CARP address.

                    cmb last edited by

                    @sullrich:

                    Use advanced outbound NAT to force the outgoing traffic from the internal IP to the correct CARP address.

                    Unless you're using 1:1 NAT, in which case this should be done automatically.

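The checks discussed in this thread (a PTR record that matches the A record, and a HELO name that resolves to the source IP the remote server actually sees), written out as an added example that is not from any poster in the thread. The addresses, hostnames and finding labels are constructed for illustration, and the two lookup tables stand in for live DNS queries.

```python
import ipaddress

def _norm(host):
    """Compare hostnames case-insensitively and without a trailing dot."""
    return host.rstrip(".").lower()

def check_sender_identity(source_ip, helo_name, ptr_records, a_records):
    """Return the findings a receiving server's reverse-lookup checks could raise.

    source_ip   -- address the remote server sees (after outbound NAT)
    helo_name   -- hostname the mail server announces in HELO/EHLO
    ptr_records -- dict: IP -> list of PTR hostnames (stand-in for reverse DNS)
    a_records   -- dict: hostname -> list of IPs (stand-in for forward DNS)
    """
    findings = []
    ip = str(ipaddress.ip_address(source_ip))  # rejects malformed input
    ptr_names = [_norm(n) for n in ptr_records.get(ip, [])]
    if not ptr_names:
        findings.append("no-ptr")
    elif not any(ip in a_records.get(n, []) for n in ptr_names):
        # PTR exists but its hostname does not resolve back to this IP
        findings.append("ptr-not-forward-confirmed")
    helo = _norm(helo_name)
    helo_ips = a_records.get(helo, [])
    if not helo_ips:
        findings.append("helo-unresolvable")
    elif ip not in helo_ips:
        # mail left from a different address than the HELO name points to
        findings.append("helo-ip-mismatch")
    if ptr_names and helo not in ptr_names:
        findings.append("helo-ptr-mismatch")
    return findings

# Constructed sample data (RFC 5737 documentation range, example.com names).
PTR = {"203.0.113.10": ["fw.example.com."],     # firewall interface address
       "203.0.113.11": ["mail.example.com."]}   # virtual IP meant for the mail server
A = {"fw.example.com": ["203.0.113.10"],
     "mail.example.com": ["203.0.113.11"]}

if __name__ == "__main__":
    # Outbound NAT left at the interface address: HELO and source IP disagree.
    print(check_sender_identity("203.0.113.10", "mail.example.com", PTR, A))
    # Outbound NAT mapped to the virtual IP: everything lines up.
    print(check_sender_identity("203.0.113.11", "mail.example.com", PTR, A))
```

Receiving servers differ in which of these mismatches they reject on, so the output is a list of findings, not a verdict.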