I've got more details on the problem now. Here's the scenario:
Internet->pfsensegateway->pfsenseloadbalancer->mailserver.

If I connect to it directly on the 172.x.x.x IP on the outside of the
load balancer, connection goes through and the source IP is correct. But
if I connect from the internet to a public IP on the gateway which has
SMTP port-forwarded to the same 172.x.x.x IP on the loadbalancer, then I
see the 10.x.x.x IP of the inside of the loadbalancer as source IP, and
reply packets outbound from the server never reach the client. Gateway
pfsense is V1.0.1.

No gateway defined there - it's the LAN interface of loadbalancer, and
it behaves the same regardless of advanced outbound NAT.

j


Bill Marquette wrote:
> On 8/20/07, Joel Newkirk <[EMAIL PROTECTED]> wrote:
>> Is there any way I can load-balance incoming SMTP across a pool of mail
>> nodes, but still retain the original source IP on the packets??  I'm
>> unable to find anything in the interface, nor any relevant search
>> results here in the forum or elsewhere.
> 
> Probably because nobody has had this issue.  You must be natting
> outbound on the interface sitting on the same segment as the mail
> servers if you are seeing a source NAT occurring.  pfSense by default
> will NAT on interfaces with gateways set - any chance this is the
> case?  Also, are you making use of advanced outbound NAT?
> 
>> public-accessible services have source IPs logged, for example)  I'm
>> hoping there's something simple (or complex) I've missed that will omit
>> the SNAT.
> 
> More likely, something you accidentally set up.
> 
> --Bill
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

