Sometimes see local IP address when doing port-forwarding

Eugene · May 15, 2008, 2:58 PM

Hello,
Setup is very simple
smtp-server 1.1.1.85–----1.1.1.4 (LAN) pfSense (WAN) 2.2.2.201 (proxyARP VIP)-----Internet.
----------- (vlan0)
----------- (vlan1)
We are receiving all smtp connections to 2.2.2.201 at 1.1.1.85 with port-forwarding set up
rdr on em0 inet proto tcp from any to 2.2.2.201 port = smtp -> 1.1.1.85

Everything works perfectly but sometimes (fortunately pretty rarely) at smtp-server I receive smtp-traffic from 1.1.1.4!? It seems like pfSense tries to act as a spam-bot. I know it is impossible so some natting occurs with source IP.
pfSense has three physical interfaces LAN, WAN and one configured with several vlans.
I have checked all my NAT-rules approximately 42 times. Can not find anything.
Please any ideas.

Thanks.

Eugene · May 15, 2008, 6:32 PM

Sorry, this is mirroring issue. If you hit 2.2.2.201:25 from any vlan interface then you will have source IP 1.1.1.4 in the packet received at 1.1.1.85.