Netgate Discussion Forum

    Forcing email to go out selected gateway on load balance system

    Firewalling
    6 Posts 4 Posters 1.4k Views

      blackduck54

      Dear all pfSense experts,

      I have a load-balancing system with 2 connections from 2 ISPs.

      Can I force all LAN email traffic to go out only one selected gateway?

      If yes, how do I do so?

      An early reply would be appreciated.

      Thanks in advance from newbie.

        ptt Rebel Alliance

        Yes, you can, use "Policy Routing" ;)

        https://doc.pfsense.org/index.php/Multi-WAN_2.0

          Reiner030

          @ptt:

          Yes, you can, use "Policy Routing" ;)

          https://doc.pfsense.org/index.php/Multi-WAN_2.0

          I think he needs more of an easy example of it ^^

          1. Set up multiple Gateways (should be done if you have different WANs)

          2a) nice to have: Firewall Alias type "Ports" with wanted ports listed
                (25, 465, 586, for SMTP/sSMTP / submission)
                (110 / 995 for POP3/POPs)
                (143 / 993 for IMAP/IMAPs)

          2b) nice to have: Gateway Groups
                System => Routing => Groups
                Set up main route as Tier1, fallback route as Tier2

          3. Set up one firewall rule with DESTINATION PORT Alias or
                several firewall rules with the needed services from the list as DESTINATION PORT

          => Gateway => Advanced Button => select needed Gateway / Gateway Group.

            blackduck54

            Many thanks to both of you.

            I'm done setting up all the rules.

            See attached file:

            But how can I check if all the rules work as expected?

            Best regards,

            ppp.png

              phil.davis

              Pull the cable out of WANGW. All your various email things should stop working, and the LoadBalance group and other traffic should keep working.

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                Reiner030

                @phil.davis:

                Pull the cable out of WANGW. All your various email things should stop working, and the LoadBalance group and other traffic should keep working.

                Better solutions:

                1. Do you have an external mailserver available?
                      => Connect to it and see on the remote side if you came in with the right IP ;)

                2. Mail yourself something to a normal external mail service and take a look at the Received headers… your public IP should show up there.

                => Don't forget to set up DNS/reverse DNS for your IP.
                => Best is to also add DKIM DNS and header signing
                => SPF could be OK, too, but has known problems with forwarding.

                => Or get a whitelist entry on your relay

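The Received-header check suggested in the last post can be scripted. This is an added example, not part of the thread: it walks the Received hops of a saved test message from oldest to newest and reports which gateway's public IP the external server saw. The message, the documentation-range IPs and the gateway name WAN2GW are constructed; only WANGW appears in the thread.

```python
import ipaddress
import re
from email import message_from_string

# Ranges that never identify a WAN uplink: RFC 1918, loopback, link-local, CGNAT.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed values: WAN2GW is a hypothetical name, IPs are documentation ranges.
GATEWAYS = {"WANGW": "203.0.113.10", "WAN2GW": "198.51.100.20"}

# Constructed test message, as it would be saved from the external mailbox.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
\tby inbox.example.net with ESMTPS id abc123; Mon, 6 Jan 2025 10:00:03 +0000
Received: from mail.lan.example (unknown [203.0.113.10])
\tby mx.example.net with ESMTPS id def456; Mon, 6 Jan 2025 10:00:02 +0000
Received: from pc17 (pc17.lan.example [192.168.1.17])
\tby mail.lan.example with ESMTP id ghi789; Mon, 6 Jan 2025 10:00:01 +0000
From: user@lan.example
To: test@example.net
Subject: policy routing test

test
"""

def egress_ip(raw_message):
    """Return the first non-internal sender IP, walking hops oldest to newest."""
    msg = message_from_string(raw_message)
    for hop in reversed(msg.get_all("Received", [])):
        from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]  # peer info only
        for text in IPV4_RE.findall(from_part):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1
                continue
            if not any(ip in net for net in INTERNAL_NETS):
                return str(ip)
    return None

def gateway_used(raw_message, gateways):
    """Map the egress IP to a gateway name; name is None if it matches none."""
    ip = egress_ip(raw_message)
    name = next((n for n, addr in gateways.items() if addr == ip), None)
    return name, ip

if __name__ == "__main__":
    print(gateway_used(SAMPLE, GATEWAYS))
```

Send one test message per mail protocol rule and run each saved copy through the check; a result naming any gateway other than the one selected in the firewall rule means that traffic is not matching the policy route.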
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.