Issue firewalling and/or portforwarding DMZ in failover environment

Firewalling
Log in to reply
  • S

    I have made a failover as discribed in failover
    I used only the failoverpart for I have a fast cable connection and a slow adsl connection
    here a picture of this failover:
    ((GatewayGroups.jp))

    For I have made a DMZ for mail and webserver, i must forward those ports to the slow adsl
    So as seen below I made NAT forwarding:
    ((NAT Port Forward))
    because the mailserver is receiving it's mail from the WAN_IAE, i used it also as gateway.
    I used the by PFSense created firewall rule, but with only one modification, un Advanced I use the gateway of the WAN_IAE_DHCP:
    ((Firewall Rule NATForward SMTP_1.png))

    You can also see it in the Firewall Rules:
    ((Firewall Rules))
    Because I see incomming messages from my upstream mailserver, I added a rule for DMZ…
    ((Firewall Rules DMZ))

    But.....
    now I see only the start of the connection of my upstream mailserver:
    ((System logs Firewall port 25))
    So the upstream server start the connection to my DMZ-mailserver... however, the reply don't get back and I see nothing in my mailserver which shows the rest of the connection.

    So incomming as outgoing mail doesn't work.
    I must use my upstream mailserver as relay.
    I DO can communicate from my internal network to my DMZ-mailserver as well as my webserver.

    This is exactly the same for my webserver... so there is a fundamentle flaw in my design:(
    Any help would be appreciated.

    Regards,
    Sjouken

    Sorry, I realy don't know how to insert the pictures at the proper position. Reason why i added them as attachment.



    ![NAT Port Forward.PNG](/public/imported_attachments/1/NAT Port Forward.PNG)
    ![NAT Port Forward.PNG_thumb](/public/imported_attachments/1/NAT Port Forward.PNG_thumb)
    ![Firewall Rule NATForward SMTP_1.png](/public/imported_attachments/1/Firewall Rule NATForward SMTP_1.png)
    ![Firewall Rule NATForward SMTP_1.png_thumb](/public/imported_attachments/1/Firewall Rule NATForward SMTP_1.png_thumb)
    ![Firewall Rules.PNG](/public/imported_attachments/1/Firewall Rules.PNG)
    ![Firewall Rules.PNG_thumb](/public/imported_attachments/1/Firewall Rules.PNG_thumb)
    ![Firewall Rules DMZ.PNG](/public/imported_attachments/1/Firewall Rules DMZ.PNG)
    ![Firewall Rules DMZ.PNG_thumb](/public/imported_attachments/1/Firewall Rules DMZ.PNG_thumb)
    ![System logs Firewall port 25.PNG](/public/imported_attachments/1/System logs Firewall port 25.PNG)
    ![System logs Firewall port 25.PNG_thumb](/public/imported_attachments/1/System logs Firewall port 25.PNG_thumb)

    0
  • Derelict
    LAYER 8 Netgate

    For starters, your firewall rules for the port forwards on WAN_IAE should not have a gateway set.  You are telling pfSense to send those port forwards back out WAN_IAE_DHCP.

    0
  • S

    bow to Derelict…. that was indeed the solution.
    I removed the gateway, set it to default, and now it's working like a charm.
    Also i see requests at my webserver:)

    Thanks again for your help. I was getting desperate.
    Sjouken

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy