Postfix issue behind pfsense

nikkon

Hi all,

I have a mail server in lan behind pfsense.
i use nat for pop3/imap redirected to lan ip.
from server-cli works fine…i can connect and send mails. from the network or outside...nothing.able to send, not able to receive anything.
Any clue?

postix/dovecot as MTA.

Thanks

pop3.png_thumb

divsys

Do the logs show any attempted traffic to the server?

Have you tried to Telnet in for testing?

Possibility your ISP is blocking ports?

nikkon

on the server side all seems ok.
via cli i can log and all seems fine.ISP works as before.I just changed clearos (which used a port forwarding before) with pfsense nat.
problem is i can't reach my mail server via mai. <domain>or external ip address.
if i use the internal ip as incomming/outgoing server it works</domain>

doktornotor

@nikkon:

problem is i can't reach my mail server via mai. <domain>or external ip address.
if i use the internal ip as incomming/outgoing server it works</domain>

https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

nikkon

tried this…still not working.
by now i have web working from outside.from internal network/vpn if i try to load any web site hosted it goes to pfsense intern ip.
I belive that there is an issue first of all.

doktornotor

Yeah, already answered above. Fix your DNS.

nikkon

I try to use the link you sent me and add for each domain i have a record in DNS forwarder @ Domain Overrides section
coridor.ro 172.26.10.2 coridor forwarder
as test…i try to ping the domain...it sees the correct wan ip still...no ping / same for smtp/pop3

doktornotor

Sigh… maybe you should re-read the above a couple of times? You set up a HOST override for the HOSTNAME(S) of the mailserver so that it points to the INTERNAL IP (and NOT WAN IP).

nikkon

ok it seems i got it wrong.
do i still need a DNS resolver? I belive i do for the other requests and lan clients.
172.26.10.x is internal ip.
194.xxx is wan

fw.png_thumb

doktornotor

Dunno, are you actually reading what's said above? And reading what's written in the GUI? You are setting the WRONG thing. Read the GUI description of Domain Overrides.

P.S. If you are using DNS Resolver, then configure the same HOST overrides in DNS Resolver instead of Forwarder! You cannot use both of them at the same time.

nikkon

problem solved.all seems better now. thx for all support.

btw. still have an issue with the ftp service behind nat.
client error: "Server sent passive reply with unroutable address." I can log in but nothing came back.
I installed FTP client Proxy app and config looks like:
Local Interface : LAN,loopback
Source address : any
Proxy Bypass Source : any
Proxy ByPass Destination: 192.168.1.5 (ftp server address)
BindPort : 2121
–-------------
proftpd listen port 2121.

Any clue?

doktornotor

No, not here. Totally OT plus wrong forum.