I have a pair of 1.2.3 boxes and I'm having some issues that have manifested themselves as an inability to send emails with attachments depending on the IP of the mail server the message is being sent to.
Setup:

Host A is on interface LAN. Host A is supposed to get NAT translated once it leaves interface LAN. Mail Server has interfaces on both LAN and APP networks. Mail Server delivers mail for two domains, foo.com and bar.com. Host A resolves mail.foo.com to an IP on the LAN side. Host A resolves mail.bar.com to an IP on the APP side.

Scenario 1:
- Host A sends an email via mail.foo.com, pfSense sees nothing, as expected, because Host A and the SMTP server are on the same subnet.
- Everything works fine.

Scenario 2:
- Host A sends an email with no attachment via mail.bar.com, pfSense receives the packet, forwards it to APP side of Mail Server.
- Mail Server netstat shows the destination IP of the SMTP connection to be the APP IP as expected.
- Mail Server netstat shows the source IP of the SMTP connection is from Host A's LAN IP instead of the outbound NAT IP.
- Everything works fine.

Scenario 3:
- Host A sends an email with any size attachment via mail.bar.com, pfSense receives the packet, forwards it to APP side of Mail Server.
- Mail Server netstat shows the destination IP of the SMTP connection to be the APP IP as expected.
- Mail Server netstat shows the source IP of the SMTP connection is from Host A's LAN IP instead of the outbound NAT IP.
- Message transmission times out. Exim has no knowledge of the transaction so nothing shows up in maillog.

I have a feeling this has something to do with the asymmetric nature of the traffic when Host A tries to send mail to mail.bar.com because it's got an IP in APP and LAN.

I've scoured the NAT config and created a manual NAT entry on the LAN interface hoping to translate everything as it leaves the LAN interface. I've also toggled the NAT Reflection checkbox in the System Configuration. Nothing seems to make a difference - I can't get mail.bar.com to see the NAT IP.

The really strange thing is that this all works fine if no attachment is sent in the email (scenario 2).

Any ideas?
