Netgate Discussion Forum

    How to route NAT traffic to an external IP on another server

      lmartinez073

      Hi

      I have two questions. First, this is what I have: two servers with rotatable IP, not in the same place.

      1.- Is it possible to add an IP from another server to use it to forward ports? For example, my email server is on the IP 10.0.10.100 and I want to send all traffic to 10.0.200.10.

      2.- In case option 1 is not possible, how can I route all traffic from the first IP to the second IP and, when something comes to the second IP, route it to the first IP?

      Thank you for your help.

        muswellhillbilly

        Not sure what you mean. What's a "rotatable IP" when it's home? By saying they're "not in the same place" do you mean on different LANs, different physical sites, different rooms, etc?

        Are you trying to forward mail traffic from one mail server to another? Are you trying to forward web traffic for the purpose of accessing webmail?

        If you just want to forward all traffic from one IP to the next IP then just swap IPs on each box. Assuming this isn't what you're asking, some clarification would help. What would help hugely would be a network diagram with a proper explanation of what you're trying to achieve.

          lmartinez073

          Hi

          Thank you for your answer. I have all my servers at home but port 25 is blocked. I am renting another server with a valid IP, and I want to route all traffic from my servers to the other server that has a valid IP with no blocked ports.

            muswellhillbilly

            Ok, you haven't said what sort of mail servers you're running (Exchange?), or where your pfSense system comes into play (is it operating at your home network or on the remote site?). If you have control of your home network then why is port 25 blocked? Is the ISP blocking it or do you just need to set up a forwarding rule at home? You've pretty much supplied as little information as is possible, so I'll have to make a guess here:

            Assuming you just want to forward all emails via port 25 from your home system and assuming your pfSense is running on your home network, just smarthost your home mail server to the external server. Assuming your external server accepts port 25 traffic out of the box, this should be enough to get you going. Alternately, if you mean you can't receive emails on the home servers, then why not change your external MX record to point to the rented server directly?

            If this doesn't answer your question then - I repeat - you will have to furnish more information. Like a network diagram with a proper, complete explanation of what you're trying to do. To be honest, from what I can see so far, this has nothing to do with pfSense and more to do with mail routing in general.

              lmartinez073

              Hi

              I am attaching a basic diagram of my network. Why I want to do this: when I send emails to Yahoo or Google or any other email server, they are rejected for not having a valid IP, and I have the same problem when they send me an email.

              NetworkDiagram.jpg

                KOM

                If you're trying to do mail and have it accepted everywhere, then I think you need a proper domain, a reverse lookup, an SPF record, an SSL cert and a few other things. You can check some of what you need at mxtoolbox.com.

                  johnpoz LAYER 8 Global Moderator

                  What does this have to do with pfSense, to be honest? Yes, many email servers will block email from dynamically assigned IPs, home internet connections. Many ISPs even block talking to or from 25 from a home connection.

                  If you have a remote email server that you want to route your traffic through, then set up your email server to send all email to that server for delivery and have your email server pick up mail for your user accounts from that server. This is not really a pfSense issue.

                  Or just have your clients use that external mail server directly, not using 25. They should be sending encrypted anyway; use ports 465, 587, etc.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                    muswellhillbilly

                    Yep, right. Not a pfSense question.

                    In short, do what KOM suggests (reverse DNS, SPF, SSL, etc). Then set your MX record to point to the external server and pick up your email from there. Job done.

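What the reverse DNS and SPF items in the replies above mean for the rented relay's address versus the home line, as an added example that is not part of the thread: it evaluates a constructed SPF record (only the `ip4`, `ip6`, `mx` and `all` mechanisms) and forward-confirmed reverse DNS against constructed DNS data. The domain `example.org`, both addresses, the host names and all function names are assumptions.

```python
import ipaddress

# Constructed sample DNS data (RFC 5737 documentation ranges); not from the thread.
ZONE = {
    "A": {"mail.example.org": ["203.0.113.25"]},
    "MX": {"example.org": ["mail.example.org"]},
    "TXT": {"example.org": "v=spf1 mx ip4:203.0.113.25 -all"},
    "PTR": {"203.0.113.25": "mail.example.org",
            "198.51.100.77": "dyn-77.pool.isp.example"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, ip, zone=ZONE):
    """Evaluate the ip4/ip6/mx/all mechanisms of the domain's SPF record for ip."""
    terms = zone["TXT"].get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record published
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            hosts = zone["MX"].get(arg or domain, [])
            matched = any(ip in zone["A"].get(h, []) for h in hosts)
        else:
            continue  # a, include, redirect, exists, ptr: not evaluated here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # record ended without any mechanism matching


def fcrdns_ok(ip, zone=ZONE):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    host = zone["PTR"].get(ip)
    return host is not None and ip in zone["A"].get(host, [])


def preflight(domain, ip, zone=ZONE):
    return {"spf": spf_result(domain, ip, zone), "fcrdns": fcrdns_ok(ip, zone)}


if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.77"):  # rented relay, home line
        print(ip, preflight("example.org", ip))
```
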
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.