2.2.2 - MultiWAN Failover - SMTP Notifications & Firewall Restrictions
I've previously setup a couple of clients with pfsense for Single WAN - Single/Multi LAN and those have all worked great.
I am both testing for myself and client, of having MultiWAN failover.
In these circumstances, it is a DSL connection as the WAN, 3G/4G Wireless as the failover.
I have configured the gateway group, and the failover seems to work as expected.
I am having the following 2 issues:
1. During the failover process, the automatic SMTP Notification is not working when its using 3G/4G, despite the internet connection working.
If i manually hit test on the notification page, it sends out (if using DSL or 3G).
When looking through logs, i am getting an error about not being able to contact the SMTP server during this process.
The issue is not related to the remote SMTP server, but either routing or firewalling on the pfsense machine.
2. Currently with the failover, all traffic is allowed out, as per the default rules. Due to the cost of 3G/4G services, i am needing/wanting to have heavily restricted rules ONLY when on the 3G/4G service, can this be done?
These 2 above, are the biggest things for both myself and the client who wants this.
Any help or suggestions would be appreciated.
Instead of trying to get the SMTP messages working (which failed multiple times), i've instead opted to monitor this connection using external machine running Zabbix, this works fine for this purpose.
I have also found out that, by fine tuning the Outbound NAT rules on the 3G/4G interface, i can limit what protocol/ports are allowed to go out that connection, but this is not ideal.
Still awaiting for others to reply if possible.
I'm having exactly the same issue here on 2.2.2 (and incidentally also on 2.2.3) about the SMTP notifications not working on the failover connection.
I would like to have it solved if possible as I don't have other means of monitoring the connections on the WAN side of this firewall.
I was thinking the "DNS Consideratons" on the docs page (https://doc.pfsense.org/index.php/Multi-WAN) got something to do with it but I doubt this is the case. I've set a specific WAN connection for each manual DNS server listed (which are all addressable from any of the WANs) but still no luck.
When I bring down WAN1 manually from the interface, the failover works and does send me an email over WAN2. When I, however, simulate failover by pulling the network cable of WAN1, the system log mentions it cannot reach the smtp server (through WAN2).
I have no specific firewall rules setup on SMTP at all so that can't be it either.
Any suggestions, anyone?
Thanks in advance,