OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: TheToto318 on February 28, 2021, 04:01:36 pm
-
Hello guys,
So I set up a mail server and everything is working from outside my local network; the port forwarding rules work as expected.
Now, in my local network, my domain name reaches my OPNsense firewall directly (I then use the reverse proxy to serve my websites).
So to get the mail working in my local network I made these rules:
(https://i.imgur.com/Orrhour.png)
My NAS address is 192.168.1.25
Now I don't understand why, but I can't reach my mail server with my domain name: mail.domainname.com
Which, when I do an nslookup, points directly to my LAN address, the firewall address.
I hope somebody can help me with that!
-
Hello,
You should think about split DNS and point the domain name directly to your NAS, without the firewall, for your local LAN clients.
If you don't want to do this, you need to set up NAT reflection. There are tons of threads in the forum and detailed documentation available.
The better way is split DNS.
Have fun and good luck.
-
I can't point my domain directly to my NAS because my reverse proxy is running on port 4443, so I need to forward all the HTTPS traffic to this port...
For the NAT reflection, do you have a lead for me, because I didn't use my external IP to access my services on the local network?
My rules should work; I don't understand why they are not...
-
Hi,
search for "asymmetric routing" for the answer.
You can also try to use the reverse proxy to proxy mail traffic.
-
I will try to use the nginx plugin in OPNsense to proxy my mail traffic, but how do I manually set a configuration for nginx on OPNsense?
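    worker_processes auto;

    # nginx refuses to start without an events block
    events {}

    mail {
        server_name mail.example.com;
        # HTTP endpoint nginx queries to authenticate users and select the backend
        auth_http localhost:9000/cgi-bin/nginxauth.cgi;
        proxy_pass_error_message on;

        # "ssl on" is obsolete since nginx 1.15.0 and was removed in 1.25.1;
        # newer versions use the ssl parameter of listen instead
        ssl on;
        ssl_certificate /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/certs/server.key;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        server {
            listen 25;
            protocol smtp;
            smtp_auth login plain cram-md5;
        }

        server {
            listen 110;
            protocol pop3;
            pop3_auth plain apop cram-md5;
        }

        server {
            listen 143;
            protocol imap;
        }
    }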
I found this code on the nginx website. I will modify it, but am I on the right track?
Regards
-
how to set manually a configuration for nginx on opnsense?
Sorry, why manual?
You can use streams:
https://docs.opnsense.org/manual/how-tos/nginx_streams.html
-
Made these rules:
(https://i.imgur.com/kHzukD7.png)
Data streams
(https://i.imgur.com/evgiCAj.png) Upstream servers
(https://i.imgur.com/9ZfAYcG.png) Upstream
Also not working. I think that I'm close but I'm missing something.
-
You also need to disable the port forward for these ports on LAN, and open the ports on OPNsense itself if the "Default allow LAN to any rule" is disabled.
Then you can look in the logs:
Services: Nginx: Logs: Stream Access logs; Services: Nginx: Logs: Stream Error logs
-
Man, that was it, everything is working like a charm!!
Thank you very much for your help!
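-
Added example, not part of the original thread: a small model of the asymmetric-routing problem the replies point to, comparing a plain port forward with the three options discussed (split DNS, NAT reflection, nginx stream proxy). Only the NAS address comes from the thread; the LAN subnet, firewall addresses and client addresses are constructed, and "nat_reflection" is assumed to mean destination NAT plus source NAT to the firewall's LAN address.

```python
import ipaddress

# Constructed addressing: only the NAS address appears in the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")    # assumed LAN subnet
FW_LAN = ipaddress.ip_address("192.168.1.1")    # assumed firewall LAN address
FW_WAN = ipaddress.ip_address("203.0.113.10")   # placeholder public address
NAS = ipaddress.ip_address("192.168.1.25")      # mail server (from the thread)
MODES = ("port_forward", "split_dns", "nat_reflection", "stream_proxy")


def trace(client, mode):
    """Return (address the client dialed, source address of the SYN-ACK it gets)."""
    client = ipaddress.ip_address(client)
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if mode == "split_dns" and client in LAN:
        return NAS, NAS  # internal DNS answers with the NAS itself, no NAT involved
    dialed = FW_LAN if client in LAN else FW_WAN
    if mode == "stream_proxy":
        return dialed, dialed  # nginx on the firewall terminates the TCP connection
    # Port forward (DNAT): the firewall rewrites the destination to the NAS.
    # Reflection, as modelled here, also rewrites the source of LAN clients.
    src_at_nas = FW_LAN if (mode == "nat_reflection" and client in LAN) else client
    # The NAS answers on-link peers directly; anything else goes to its
    # default gateway, the firewall.
    via_firewall = src_at_nas == FW_LAN or src_at_nas not in LAN
    # Only a reply that passes the firewall matches its state entry and has
    # its source translated back to the address the client dialed.
    return dialed, (dialed if via_firewall else NAS)


def handshake_completes(client, mode):
    """A client rejects a SYN-ACK whose source is not the address it dialed."""
    dialed, seen = trace(client, mode)
    return dialed == seen


if __name__ == "__main__":
    for who, ip in (("LAN client", "192.168.1.50"), ("WAN client", "198.51.100.7")):
        for mode in MODES:
            dialed, seen = trace(ip, mode)
            verdict = "ok" if dialed == seen else "FAILS (asymmetric reply)"
            print(f"{who:10} {mode:15} dialed {dialed} answered by {seen}: {verdict}")
```

In this model only the LAN client behind a plain port forward fails: the NAS answers it directly on the shared subnet, so the reply never passes back through the firewall's state table.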