Issue firewalling and/or portforwarding DMZ in failover environment



  • I have made a failover as discribed in failover
    I used only the failoverpart for I have a fast cable connection and a slow adsl connection
    here a picture of this failover:
    ((GatewayGroups.jp))

    For I have made a DMZ for mail and webserver, i must forward those ports to the slow adsl
    So as seen below I made NAT forwarding:
    ((NAT Port Forward))
    because the mailserver is receiving it's mail from the WAN_IAE, i used it also as gateway.
    I used the by PFSense created firewall rule, but with only one modification, un Advanced I use the gateway of the WAN_IAE_DHCP:
    ((Firewall Rule NATForward SMTP_1.png))

    You can also see it in the Firewall Rules:
    ((Firewall Rules))
    Because I see incomming messages from my upstream mailserver, I added a rule for DMZ…
    ((Firewall Rules DMZ))

    But.....
    now I see only the start of the connection of my upstream mailserver:
    ((System logs Firewall port 25))
    So the upstream server start the connection to my DMZ-mailserver... however, the reply don't get back and I see nothing in my mailserver which shows the rest of the connection.

    So incomming as outgoing mail doesn't work.
    I must use my upstream mailserver as relay.
    I DO can communicate from my internal network to my DMZ-mailserver as well as my webserver.

    This is exactly the same for my webserver... so there is a fundamentle flaw in my design:(
    Any help would be appreciated.

    Regards,
    Sjouken

    Sorry, I realy don't know how to insert the pictures at the proper position. Reason why i added them as attachment.



    ![NAT Port Forward.PNG](/public/imported_attachments/1/NAT Port Forward.PNG)
    ![NAT Port Forward.PNG_thumb](/public/imported_attachments/1/NAT Port Forward.PNG_thumb)
    ![Firewall Rule NATForward SMTP_1.png](/public/imported_attachments/1/Firewall Rule NATForward SMTP_1.png)
    ![Firewall Rule NATForward SMTP_1.png_thumb](/public/imported_attachments/1/Firewall Rule NATForward SMTP_1.png_thumb)
    ![Firewall Rules.PNG](/public/imported_attachments/1/Firewall Rules.PNG)
    ![Firewall Rules.PNG_thumb](/public/imported_attachments/1/Firewall Rules.PNG_thumb)
    ![Firewall Rules DMZ.PNG](/public/imported_attachments/1/Firewall Rules DMZ.PNG)
    ![Firewall Rules DMZ.PNG_thumb](/public/imported_attachments/1/Firewall Rules DMZ.PNG_thumb)
    ![System logs Firewall port 25.PNG](/public/imported_attachments/1/System logs Firewall port 25.PNG)
    ![System logs Firewall port 25.PNG_thumb](/public/imported_attachments/1/System logs Firewall port 25.PNG_thumb)


  • Netgate

    For starters, your firewall rules for the port forwards on WAN_IAE should not have a gateway set.  You are telling pfSense to send those port forwards back out WAN_IAE_DHCP.



  • bow to Derelict…. that was indeed the solution.
    I removed the gateway, set it to default, and now it's working like a charm.
    Also i see requests at my webserver:)

    Thanks again for your help. I was getting desperate.
    Sjouken