4. Issue firewalling and/or portforwarding DMZ in failover environment

Issue firewalling and/or portforwarding DMZ in failover environment

  • S

    I have made a failover as discribed in failover
    I used only the failoverpart for I have a fast cable connection and a slow adsl connection
    here a picture of this failover:
    ((GatewayGroups.jp))

    For I have made a DMZ for mail and webserver, i must forward those ports to the slow adsl
    So as seen below I made NAT forwarding:
    ((NAT Port Forward))
    because the mailserver is receiving it's mail from the WAN_IAE, i used it also as gateway.
    I used the by PFSense created firewall rule, but with only one modification, un Advanced I use the gateway of the WAN_IAE_DHCP:
    ((Firewall Rule NATForward SMTP_1.png))

    You can also see it in the Firewall Rules:
    ((Firewall Rules))
    Because I see incomming messages from my upstream mailserver, I added a rule for DMZ…
    ((Firewall Rules DMZ))

    But.....
    now I see only the start of the connection of my upstream mailserver:
    ((System logs Firewall port 25))
    So the upstream server start the connection to my DMZ-mailserver... however, the reply don't get back and I see nothing in my mailserver which shows the rest of the connection.

    So incomming as outgoing mail doesn't work.
    I must use my upstream mailserver as relay.
    I DO can communicate from my internal network to my DMZ-mailserver as well as my webserver.

    This is exactly the same for my webserver... so there is a fundamentle flaw in my design:(
    Any help would be appreciated.

    Regards,
    Sjouken

    Sorry, I realy don't know how to insert the pictures at the proper position. Reason why i added them as attachment.



    ![NAT Port Forward.PNG](/public/imported_attachments/1/NAT Port Forward.PNG)
    ![NAT Port Forward.PNG_thumb](/public/imported_attachments/1/NAT Port Forward.PNG_thumb)
    ![Firewall Rule NATForward SMTP_1.png](/public/imported_attachments/1/Firewall Rule NATForward SMTP_1.png)
    ![Firewall Rule NATForward SMTP_1.png_thumb](/public/imported_attachments/1/Firewall Rule NATForward SMTP_1.png_thumb)
    ![Firewall Rules.PNG](/public/imported_attachments/1/Firewall Rules.PNG)
    ![Firewall Rules.PNG_thumb](/public/imported_attachments/1/Firewall Rules.PNG_thumb)
    ![Firewall Rules DMZ.PNG](/public/imported_attachments/1/Firewall Rules DMZ.PNG)
    ![Firewall Rules DMZ.PNG_thumb](/public/imported_attachments/1/Firewall Rules DMZ.PNG_thumb)
    ![System logs Firewall port 25.PNG](/public/imported_attachments/1/System logs Firewall port 25.PNG)
    ![System logs Firewall port 25.PNG_thumb](/public/imported_attachments/1/System logs Firewall port 25.PNG_thumb)

    0
  • LAYER 8 Netgate

    For starters, your firewall rules for the port forwards on WAN_IAE should not have a gateway set.  You are telling pfSense to send those port forwards back out WAN_IAE_DHCP.

    0
  • S

    bow to Derelict…. that was indeed the solution.
    I removed the gateway, set it to default, and now it's working like a charm.
    Also i see requests at my webserver:)

    Thanks again for your help. I was getting desperate.
    Sjouken

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy