Forcing email to go out selected gateway on load balance system
-
Dear all PFsense experts,
I'm having load balance system with 2 connections from 2 ISPs
Can I force all LAN email traffic to go out only one selected gateway?
If yes, how to do so?
Earliest reply would be appreciated
Thanks in advance from newbie.
-
Yes, you can, use "Policy Routing" ;)
https://doc.pfsense.org/index.php/Multi-WAN_2.0
-
@ptt:
Yes, you can, use "Policy Routing" ;)
https://doc.pfsense.org/index.php/Multi-WAN_2.0
I think he needs more an easy example of it ^^
- setup multiple Gateways (should be done if you have different WANs)
2a) nice to have: Firewall Alias type "Ports" with wanted ports listed
(25, 465, 586, for SMTP/sSMTP / submission)
(110 / 995 for POP3/POPs)
(143 / 993 for IMAP/IMAPs)2b) nice to have: Gateway Groups
System => Routing => Groups
Setup main route as Tier1, fallback route as Tier2- setup one firewall rule with DESTINATION PORT Alias or
several firewall rules with needed services from list as DESTINATION PORT
=> Gateway => Advanced Button => select needed Gateway / Gateway Group.
-
Many thanks to both of you
I've done with setting up all rules
See attached file:
but how can I check if all rules work as expected
Best regards,
-
Pull the cable out of WANGW. All your various email things should stop working, and the LoadBalance group and other traffic should keep working.
-
Pull the cable out of WANGW. All your various email things should stop working, and the LoadBalance group and other traffic should keep working.
better solutions:
-
you have an external mailserver available ?
=> connect to it and see on remote side if you came in with the right IP ;) -
Mail yourself to an normal external mailservice something and take a look into Received headers… your public IP should be shown up there.
=> Don't forget to setup DNS/reverse DNS for your IP.
=> Best is also add DKIM DNS and header signing
=> SPF could be ok, too, but has known forwarding problem behavior.=> Or get a whitelist entry on your relay
-
