next »

[romp]

I have a problem that seems like it should be easy to do, but pfSense hates me.

I have several SMTP servers.  I would like to be able to load balance them when one of our LAN servers sends emails.  I do not need nor want it accessible from the WAN.

For example,

  LAN interface:   172.24.0.1/16
  Load Balance IP: 172.24.200.254
  Pool IPs; 172.24.200.1-4

Yes, they are all in the same subnet.

If I telnet (port 25) directly to the SMTP servers (eg 172.24.200.1) I can connect fine.  If I try the same with 172.24.200.254, nada.

I have seen information saying that I need to do NAT Reflection or something, but I can't figure out where, how, or what to add.

Please help.

[marcelloc]

romp,

Pfsense does not hates you, it's just doing what you configured

See what is happening:
workstation 172.24.150.20 asks 172.24.200.254 a smtp connection
172.24.200.254 forward this request to 172.24.200.1 pool member
172.24.200.1 accepts the request and answer ok to 172.24.150.20.
172.24.150.20 rejects the message as it asked 172.24.200.254 for a connection.

Forcing source ip to 172.24.200.254 while talking to 172.24.200.1-4 using an outbound nat rule will fix this communication issue.
You may need to change outbound nat to manual before applying the rule.

att,
Marcello Coutinho