OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of MartinJ »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - MartinJ

Pages: [1]
1
20.1 Legacy Series / Re: Can't send mail by smtp, but by submission??
« on: February 26, 2020, 09:23:04 pm »
This is my own mail server and yes, it responds to connections at port 25. The problem is that the packets for <mailserver>:25 don't leave the WAN interface, but packets for <mailserver>:587 do (watched by tcpdump on the firewall). There are no blocking rules etc., just a freshly installed OPNSense without NAT.

I'm going to restore the FW to factory config and repeat every step I done, checking every time if I can telnet to port 25 on my mailserver.

Martin

2
20.1 Legacy Series / Re: Can't send mail by smtp, but by submission??
« on: February 26, 2020, 09:21:47 am »
Yes, I'm sure. It works from WiFi (same Accesspoint). I couldn't see the packets leave WAN interface on the FW.

3
20.1 Legacy Series / Can't send mail by smtp, but by submission??
« on: February 25, 2020, 10:57:26 pm »
I replaced an aging pfsense firewall on slow hardware by opnsense 20.1 on a APU2 board. The setup is fairly simple, no NAT, only routing and filtering. Outbound NAT is set to Manual rule generation, but no rules are defined.


LAN (192.168.99.0/24) - Lan_IF (192.168.99.1/24) - Firewall- WAN_IF (192.168.245.3/24) - Gateway (192.168.245.1)

The WAN net has a default gateway which handles internet access. This gateway has a route to my LAN and sends traffic to the WAN interface. For the moment, every interface on the OPNSense has only one rule, pass any any. Everything works fine... except access to a smtp server in the internet. A "telnet <server> 25" just doesn't work, a "telnet <server> 587" does. Yes, the <server> accepts traffic on port 25 and 587....

I used tcpdump on LAN and WAN and see the packets from the LAN computer on port 25 go into the firewall, but nothing leaves the WAN interface. The log shows no blocked traffic, the packets on port 25 just evaporate somewhere. Another thing that baffles me are a lot of blocked packets from one host in LAN to other hosts in WAN. A nagios on a LAN computer regularly checks all possible adresses in WAN net by trying to reach port 80. These are blocked by "default deny rule". But why? There is a "pass any any"-rule in LAN (and WAN) as first rule...

What can I do to find out what's going on?

Martin

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2