Issue firewalling and/or portforwarding DMZ in failover environment

sjouken

I have made a failover as discribed in failover
I used only the failoverpart for I have a fast cable connection and a slow adsl connection
here a picture of this failover:
((GatewayGroups.jp))

For I have made a DMZ for mail and webserver, i must forward those ports to the slow adsl
So as seen below I made NAT forwarding:
((NAT Port Forward))
because the mailserver is receiving it's mail from the WAN_IAE, i used it also as gateway.
I used the by PFSense created firewall rule, but with only one modification, un Advanced I use the gateway of the WAN_IAE_DHCP:
((Firewall Rule NATForward SMTP_1.png))

You can also see it in the Firewall Rules:
((Firewall Rules))
Because I see incomming messages from my upstream mailserver, I added a rule for DMZ…
((Firewall Rules DMZ))

But.....
now I see only the start of the connection of my upstream mailserver:
((System logs Firewall port 25))
So the upstream server start the connection to my DMZ-mailserver... however, the reply don't get back and I see nothing in my mailserver which shows the rest of the connection.

So incomming as outgoing mail doesn't work.
I must use my upstream mailserver as relay.
I DO can communicate from my internal network to my DMZ-mailserver as well as my webserver.

This is exactly the same for my webserver... so there is a fundamentle flaw in my design:(
Any help would be appreciated.

Regards,
Sjouken

Sorry, I realy don't know how to insert the pictures at the proper position. Reason why i added them as attachment.


Derelict

For starters, your firewall rules for the port forwards on WAN_IAE should not have a gateway set.  You are telling pfSense to send those port forwards back out WAN_IAE_DHCP.

sjouken

bow to Derelict…. that was indeed the solution.
I removed the gateway, set it to default, and now it's working like a charm.
Also i see requests at my webserver:)

Thanks again for your help. I was getting desperate.
Sjouken