Welcome, Guest. Please login or register.
Did you miss your activation email?
+  pfSense Forum
|-+  pfSense English Support» NAT» 2.0.1 1-1 NAT presenting external interface rather than real IP
Username:
Password:
 
Home Help Search Login Register
 

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: 2.0.1 1-1 NAT presenting external interface rather than real IP  (Read 1253 times)
0 Members and 1 Guest are viewing this topic.
Cactus
Newbie
*
Offline Offline

Posts: 3


View Profile
« on: January 05, 2012, 12:44:52 pm »
Since i've upgraded to 2.0.1, the 1-1 NAT that was used for email no longer presents the real IP of the user that is sending the email.

Instead the mail server sees the external IP of the pfsense box instead, and with the mail server blocking connections based on where a user connects from it no longer works correctly.

I've currently had to quickly revert to another gateway to nat correctly.

If i setup a PAT it also does the same thing.

Any suggestions?

Thanks
Logged
marcelloc
Hero Member
*****
Offline Offline

Posts: 8131



View Profile
« Reply #1 on: January 05, 2012, 07:54:38 pm »
Can you see if both servers has the same outbound nat settings?
Logged
Have I helped you? Donations are always welcome! Grin

Te ajudei? Doações são sempre bem vindas! Grin
cmb
Administrator
Hero Member
*****
Offline Offline

Posts: 6054


View Profile WWW
« Reply #2 on: January 05, 2012, 10:36:17 pm »
Upgraded from what version? 1:1 hasn't changed in a long time and works fine, not much to it. The host can get out but goes out on the wrong IP? Check the NAT translation in Diag>States. 1:1 overrides any matching outbound NAT.
Logged
pfSense Commercial Support

Paying customers receive support priority and as in depth of assistance as desired through the official commercial support channels at portal.pfsense.org. Forum users receive as much help as time permits.
Cactus
Newbie
*
Offline Offline

Posts: 3


View Profile
« Reply #3 on: January 06, 2012, 04:41:35 am »
Upgraded from 2.0.0 release x32

Removed all packages which included snort, squid, darkstat and the pfsense box is back behaving as it should showing the real ip. Not sure why or if it will happen again but it's working.

Very strange indeed.

Thanks
Logged
marcelloc
Hero Member
*****
Offline Offline

Posts: 8131



View Profile
« Reply #4 on: January 06, 2012, 06:16:30 am »
If your mail app is a webmail then squid package with transparent proxy could be your 'problem'
Logged
Have I helped you? Donations are always welcome! Grin

Te ajudei? Doações são sempre bem vindas! Grin
miles267
Full Member
***
Offline Offline

Posts: 202


View Profile
« Reply #5 on: January 07, 2012, 04:04:49 pm »
Have encountered this same issue since upgrading from 2.0 release to 2.0.1 release.  were you able to figure out a resolution to this?  clearly something did change.
Logged
cmb
Administrator
Hero Member
*****
Offline Offline

Posts: 6054


View Profile WWW
« Reply #6 on: January 08, 2012, 09:16:45 pm »
someone who's seeing that, please email me a backup of your config with a link to this thread. cmb at pfsense dot org
Logged
pfSense Commercial Support

Paying customers receive support priority and as in depth of assistance as desired through the official commercial support channels at portal.pfsense.org. Forum users receive as much help as time permits.
Cactus
Newbie
*
Offline Offline

Posts: 3


View Profile
« Reply #7 on: January 09, 2012, 10:39:28 am »
Personally i removed the packages mentioned and that fixed the problem.

I can only assume it was something to do with squid and a failed package upgrade (even though this said it was fine) as this is the only package which could do this reverse proxying.

To confirm this was with all ports not just smtp (25) our webserver also showed connections as coming from the external interface.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

 

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Page created in 0.03 seconds with 20 queries.