How to route nat traffic to an external ip on another server



  • Hi

    I have two questions, first this is what I have
    two servers with rotatable IP, not in the same place.

    1.- Is it possible to add an IP from another server to use it to forward ports, for example, my email server is in the ip 10.0.10.100 and I want to send all traffic to 10.0.200.10.

    2.- In case the option 1 is not possible, how can I route all traffic from the first IP to the second IP and when something comes to the second IP route it to the first IP.

    Thank you for your help.



  • Not sure what you mean. What's a "rotatable IP" when it's home? By saying they're "not in the same place" do you mean on different LANs, different physical sites, different rooms, etc?

    Are you trying to forward mail traffic from one mail server to another? Are you trying to forward web traffic for the purpose of accessing webmail?

    If you just want to forward all traffic from one IP to the next IP then just swap IPs on each box. Assuming this isn't what you're asking, some clarification would help. What would help hugely would be a network diagram with a proper explanation of what you're trying to achieve.



  • Hi

    Thank you for your answer, I have all my servers at home but the port 25 is blocked, I am renting another server with a valid IP and I want to route all traffic from my servers to the other server that has a valid IP with no blocked ports.



  • Ok, you haven't said what sort of mail servers you're running (Exchange?), or where your pfSense system comes into play (is it operating at your home network or on the remote site?). If you have control of your home network then why is port 25 blocked? Is the ISP blocking it or do you just need to set up a forwarding rule at home? You've pretty much supplied as little information as is possible, so I'll have to make a guess here:

    Assuming you just want to forward all emails via port 25 from your home system and assuming your pfSense is running on your home network, just smarthost your home mail server to the external server. Assuming your external server accepts port 25 traffic out of the box, this should be enough to get you going. Alternately, if you mean you can't receive emails on the home servers, then why not change your external MX record to point to the rented server directly?

    If this doesn't answer your question then - I repeat - you will have to furnish more information. Like a network diagram with a proper, complete explanation of what you're trying to do. To be honest, from what I can see so far, this has nothing to do with pfSense and more to do with mail routing in general.



  • Hi

    I am attaching a basic diagram of my network. Why I want to do this: when I send emails to yahoo or google or any other email server they are rejected for not having a valid IP, and the same problem when they send me an email.




  • If you're trying to do mail and have it accepted everywhere, then I think you need a proper domain, a reverse lookup, an SPF record, an SSL cert and a few other things. You can check some of what you need at mxtoolbox.com.


  • Rebel Alliance Global Moderator

    What does this have to do with pfSense to be honest? Yes, many email servers will block email from a dynamically assigned IP, home internet connection. Many ISPs even block from talking to or from 25 from a home connection.

    If you have a remote email server that you want to route your traffic through, then set up your email server to send all email to that server for delivery and have your email server pick up mail for your user accounts from that server. This is not really a pfSense issue.

    Or just have your clients use that external mail server directly, not using 25; they should be sending encrypted anyway, use ports 465, 587, etc.



  • Yep, right. Not a pfSense question.

    In short, do what KOM suggests (reverse DNS, SPF, SSL, etc). Then set your MX record to point to the external server and pick up your email from there. Job done.
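
Added example, not part of the original thread: a small offline check of the two DNS-side conditions the replies name (reverse lookup and SPF), showing why a receiver would accept the rented server and reject the home connection. The domain, addresses and DNS data are constructed (documentation ranges), the function names are hypothetical, and only the `ip4`/`ip6`/`all` SPF mechanisms are evaluated.

```python
import ipaddress

# Constructed sample DNS data (RFC 5737 documentation addresses).
SPF = {"example.org": "v=spf1 ip4:203.0.113.25 -all"}
PTR = {"203.0.113.25": ["mail.example.org"]}   # the home IP has no PTR here
A = {"mail.example.org": ["203.0.113.25"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(record, client_ip):
    """Evaluate ip4/ip6/all terms left to right; first match wins.
    Mechanisms that need DNS lookups (a, mx, include) are skipped."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6") and arg:
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
    return "neutral"  # no term matched and no "all" present


def fcrdns_ok(client_ip, ptr_records, a_records):
    """Forward-confirmed reverse DNS: a PTR name of the IP resolves back to it."""
    names = ptr_records.get(client_ip, [])
    return any(client_ip in a_records.get(n, []) for n in names)


def check_sender(client_ip, domain):
    """Combine both checks the way a receiving server might score a sender."""
    record = SPF.get(domain, "")
    return {"spf": spf_result(record, client_ip),
            "fcrdns": fcrdns_ok(client_ip, PTR, A)}


if __name__ == "__main__":
    print("rented server:", check_sender("203.0.113.25", "example.org"))
    print("home dynamic IP:", check_sender("198.51.100.77", "example.org"))
```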