Can I bypass NAT with some ports, or point to 2 internal IPs?



  • I have pfSense 2.1
    I have a bunch of external IPs, so I set up one of them for my email server, but now I am trying to install a spam filter in front of the email server and can't figure out how to do that with NAT 1:1.

    I have WAN IP x.x.x.215 going to the internal IP of 192.168.1.5 (NAT 1:1).
    And I have all the mail ports forwarded to 192.168.1.5 (email has been working for years this way).

    I now have a Xeams spam filter set up on 192.168.1.4 and I'm supposed to forward my SMTP ports there instead of to my email server.

    I can't figure out how to get around that NAT 1:1 and firewall.

    I tried forwarding the SMTP ports to the Xeams server and only the POP/IMAP ports to the Zimbra email server, but that just made the mail stop working.

    I also found this article in the PF docs: https://doc.pfsense.org/index.php/Can_I_use_1:1_NAT_on_my_WAN_IP

    It says:

    Yes, you may use 1:1 NAT from the WAN IP to an internal IP. Be aware that this does map every port and you will no longer be able to reach services on the firewall from the outside, unless you add port forward entries to negate the 1:1 NAT for the specific ports you want handled on the firewall.

    I just can't figure out how to do that.

    If anyone has run into this or has an idea to point me in the right direction, it would be greatly appreciated.

