OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: KatiaSisHost on April 12, 2024, 01:27:55 PM

Title: Problem Hetzner OPNSense and Rules!
Post by: KatiaSisHost on April 12, 2024, 01:27:55 PM
Hello, I have a server in Hetzner with 1 public IP...

Inside I have Proxmox installed, where I direct all traffic to a virtual machine with OPNSense.

This is my /etc/network/interfaces:



source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp4s0
iface enp4s0 inet static
         address 78.46.XX.76/27
         gateway 78.46.XX.65
         up route add -net 78.46.XX.64 netmask 255.255.255.224 gw 78.46.XX.65 dev enp4s0
         post-up iptables -t nat -A PREROUTING -i enp4s0 -p tcp -m multiport ! --dports 8022,8006 -j DNAT --to 10.10.10.1
         post-up iptables -t nat -A PREROUTING -i enp4s0 -p udp -j DNAT --to 10.10.10.1

# route 78.46.XX.64/27 via 78.46.XX.65

iface enp4s0 inet6 static
         address 2a01:4f8:121:4c9::2/64
         gateway fe80::1

auto vmbr0
iface vmbr0 inet static
         address 10.10.10.0/31
         bridge ports none
         bridge-stp off
         bridge-fd 0
         post-up iptables -t nat -A POSTROUTING -s '10.10.10.1/31' -o enp4s0 -j MASQUERADE
         post-down iptables -t nat -D POSTROUTING -s '10.10.10.1/31' -o enp4s0 -j MASQUERADE

# OPNSense WAN - Proxmox LAN

auto vmbr1
iface vmbr1 inet manual
         bridge ports none
         bridge-stp off
         bridge-fd 0
# LAN


In Proxmox I have a virtual machine with IP 192.168.1.1 with OPNSense

At 192.168.1.100 I have a web control panel (like cPanel: web server, email, etc.).


If I have reflection disabled in OPNsense...
  Reflection for port forwards
  Reflection for 1:1
  Automatic outbound NAT for Reflection

I can send and receive emails without problem... but the virtual machines cannot interact with each other, which is why I cannot send an email from a virtual machine through cPanel.


now... if I activate reflection...

I can interact between the virtual machines... they connect and mark the email as sent... but the server automatically bounces my email.

This is the mail system at host srv1.XXXXXX.es.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send email to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                    The mail system

<XXXXXX@gmail.com>: mail for gmail.com loops back to myself
Reporting-MTA: dns; srv1.XXXXXX.es
X-Postfix-Queue-ID: 0EA191C4125B
X-Postfix-Sender: rfc822; katia@XXXXXX.es
Arrival-Date: Fri, 12 Apr 2024 13:17:30 +0200 (CEST)

Final-Recipient: rfc822; XXXXXX@gmail.com
Original-Recipient: rfc822;XXXXXX@gmail.com
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for gmail.com loops back to myself
From SMTP Test User
Recipient XXXXXX@gmail.com
Date Today 08:17
Testing test mail via srv1.XXXXXX.es.

Nothing to worry.


But.... if I send an email from Gmail to any mailbox within cPanel... they arrive without a problem!


Could anyone help me please!
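An added illustration, not code from the post or from Proxmox/OPNsense: a small audit of the post-up/post-down iptables hooks in an interfaces file like the one above. The sample text is copied from the post (same XX placeholders); the checks are my own. It shows three things a reviewer would want to know about that host: the two PREROUTING DNAT rules have no post-down counterpart (they are appended again on every ifup, so the nat table accumulates duplicates, while the MASQUERADE rule is correctly paired), TCP 8022 and 8006 are deliberately kept on the Proxmox host rather than forwarded to OPNsense, and every UDP port is forwarded to the OPNsense WAN address without restriction.

```python
"""Audit the iptables NAT hooks in a Debian/Proxmox /etc/network/interfaces.

Reports:
  * post-up '-A' rules with no matching post-down '-D' (duplicates pile up
    in the nat table each time the interface is bounced),
  * TCP/UDP ports deliberately excluded from the DNAT (they stay reachable
    on the host itself, e.g. the Proxmox GUI and SSH here),
  * protocols that are DNATed wholesale with no port restriction.
Only the -A/-D forms are handled; '-I' inserts are not (assumption for brevity).
"""
import shlex

# Constructed sample: the relevant lines of the interfaces file from the post,
# with the same XX placeholders.
SAMPLE_INTERFACES = """\
auto enp4s0
iface enp4s0 inet static
    address 78.46.XX.76/27
    gateway 78.46.XX.65
    post-up iptables -t nat -A PREROUTING -i enp4s0 -p tcp -m multiport ! --dports 8022,8006 -j DNAT --to 10.10.10.1
    post-up iptables -t nat -A PREROUTING -i enp4s0 -p udp -j DNAT --to 10.10.10.1

auto vmbr0
iface vmbr0 inet static
    address 10.10.10.0/31
    bridge ports none
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.1/31' -o enp4s0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.1/31' -o enp4s0 -j MASQUERADE
"""

HOOKS = ("pre-up", "up", "post-up", "pre-down", "down", "post-down")


def parse_hooks(text):
    """Yield (iface, hook, argv) for every up/down hook line in the file."""
    iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split(None, 1)
        if words[0] == "iface":
            iface = words[1].split()[0]
        elif words[0] in HOOKS and len(words) == 2:
            yield iface, words[0], shlex.split(words[1])


def rule_key(argv):
    """Normalise an iptables rule so its -A and -D forms compare equal."""
    key, i = [], 0
    while i < len(argv):
        if argv[i] in ("-A", "-D", "--append", "--delete"):
            key.append("CHAIN=" + argv[i + 1])
            i += 2
        else:
            key.append(argv[i])
            i += 1
    return " ".join(key)


def audit(text):
    """Return findings about the iptables rules installed by the hooks."""
    added, deleted = {}, set()
    excluded, blanket = {}, []
    for iface, hook, argv in parse_hooks(text):
        if not argv or argv[0] not in ("iptables", "ip6tables"):
            continue
        key = rule_key(argv)
        if hook.endswith("up") and "-A" in argv:
            added[key] = iface
        elif hook.endswith("down") and "-D" in argv:
            deleted.add(key)
        if "-j" in argv and argv[argv.index("-j") + 1] == "DNAT":
            proto = argv[argv.index("-p") + 1] if "-p" in argv else "all"
            port_opt = next((o for o in ("--dports", "--dport") if o in argv), None)
            if port_opt is None:
                blanket.append(proto)  # every port of this protocol goes to the VM
            else:
                i = argv.index(port_opt)
                ports = [int(p) for p in argv[i + 1].split(",")]
                if argv[i - 1] == "!":  # negated match: these ports stay on the host
                    excluded.setdefault(proto, []).extend(ports)
    return {
        "unpaired": sorted(k for k in added if k not in deleted),
        "excluded_ports": excluded,
        "blanket_dnat": blanket,
    }


if __name__ == "__main__":
    for name, value in audit(SAMPLE_INTERFACES).items():
        print(f"{name}: {value}")
```

Running it against the sample lists both PREROUTING rules as unpaired, `{'tcp': [8022, 8006]}` as the ports kept on the host, and `['udp']` as the blanket forward. On a live host, `iptables -t nat -S PREROUTING` after an `ifdown enp4s0; ifup enp4s0` cycle will show the duplicate entries the unpaired hooks create; adding matching `post-down iptables -t nat -D ...` lines for the two PREROUTING rules fixes that.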
Title: Re: Problem Hetzner OPNSense and Rules!
Post by: KatiaSisHost on April 17, 2024, 01:47:29 AM
up