Issue firewalling and/or port forwarding DMZ in failover environment
-
I have made a failover as described in failover.
I used only the failover part, for I have a fast cable connection and a slow ADSL connection.
Here is a picture of this failover:
((GatewayGroups.jp))
Since I have made a DMZ for mail and webserver, I must forward those ports to the slow ADSL.
So as seen below I made NAT forwarding:
((NAT Port Forward))
Because the mailserver is receiving its mail from the WAN_IAE, I used it also as gateway.
I used the firewall rule created by pfSense, but with only one modification: under Advanced I use the gateway of the WAN_IAE_DHCP:
((Firewall Rule NATForward SMTP_1.png))
You can also see it in the Firewall Rules:
((Firewall Rules))
Because I see incoming messages from my upstream mailserver, I added a rule for DMZ…
((Firewall Rules DMZ))
But.....
Now I see only the start of the connection of my upstream mailserver:
((System logs Firewall port 25))
So the upstream server starts the connection to my DMZ mailserver... however, the reply doesn't get back and I see nothing in my mailserver which shows the rest of the connection. So incoming as well as outgoing mail doesn't work.
I must use my upstream mailserver as relay.
I CAN communicate from my internal network to my DMZ mailserver as well as my webserver. This is exactly the same for my webserver... so there is a fundamental flaw in my design :(
Any help would be appreciated. Regards,
Sjouken
Sorry, I really don't know how to insert the pictures at the proper position. That's why I added them as attachments.
![NAT Port Forward.PNG](/public/imported_attachments/1/NAT Port Forward.PNG)
![Firewall Rule NATForward SMTP_1.png](/public/imported_attachments/1/Firewall Rule NATForward SMTP_1.png)
![Firewall Rules.PNG](/public/imported_attachments/1/Firewall Rules.PNG)
![Firewall Rules DMZ.PNG](/public/imported_attachments/1/Firewall Rules DMZ.PNG)
![System logs Firewall port 25.PNG](/public/imported_attachments/1/System logs Firewall port 25.PNG)
-
For starters, your firewall rules for the port forwards on WAN_IAE should not have a gateway set. You are telling pfSense to send those port forwards back out WAN_IAE_DHCP.
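The point Derelict makes, written out in pf rule syntax as an added illustration (this is not taken from the reply or from the poster's pfSense configuration; interface names, addresses and gateways are constructed, and the rules are an approximation of what pfSense generates, not a dump from a real box):

```pf
# Constructed example, not from the thread: every name and address below is an assumption.
wan_iae  = "em0"            # fast cable WAN, where the port forward lives
wan_adsl = "em1"            # slow ADSL WAN (WAN_IAE_DHCP in the thread)
cable_gw = "203.0.113.1"    # upstream gateway of the cable WAN
adsl_gw  = "198.51.100.1"   # upstream gateway of the ADSL WAN
dmz_mail = "10.10.10.25"    # DMZ mailserver

# The NAT port forward: inbound SMTP on the cable WAN is redirected to the DMZ mailserver.
rdr on $wan_iae proto tcp from any to ($wan_iae) port 25 -> $dmz_mail port 25

# BROKEN: a gateway set on the associated pass rule becomes a route-to, so the
# forwarded packets are policy-routed out the ADSL link instead of being
# delivered to the DMZ. The firewall log shows the SYN and then nothing,
# because the connection never reaches the mailserver.
pass in quick on $wan_iae route-to ($wan_adsl $adsl_gw) proto tcp from any to $dmz_mail port 25 flags S/SA keep state

# FIXED: gateway left at default. reply-to pins the return traffic to the
# interface the connection arrived on, so replies leave via the cable WAN
# instead of following the default route, and the port forward works.
pass in quick on $wan_iae reply-to ($wan_iae $cable_gw) proto tcp from any to $dmz_mail port 25 flags S/SA keep state
```

On pfSense the generated ruleset can be checked with `pfctl -sr` to confirm whether the port-forward pass rule carries a route-to (the broken form) or a reply-to.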
-
Bow to Derelict…. that was indeed the solution.
I removed the gateway, set it to default, and now it's working like a charm.
Also I see requests at my webserver :) Thanks again for your help. I was getting desperate.
Sjouken