Messages - TheToto318

#1
21.1 Legacy Series / Re: Mail ports forwards in LAN
March 03, 2021, 10:56:21 PM
Man, that was it, everything is working like a charm!!
Thank you very much for your help!
#2
21.1 Legacy Series / Re: Mail ports forwards in LAN
March 03, 2021, 07:26:42 PM
Made these rules:



Data streams

Upstream servers

Upstream

Also not working, I think that I'm close but I'm missing something.
#3
21.1 Legacy Series / Re: Mail ports forwards in LAN
March 03, 2021, 05:17:57 PM
I will try to use the nginx plugin in OPNsense to proxy my mail traffic, but how do I manually set a configuration for nginx on OPNsense?

worker_processes auto;

mail {
    server_name mail.example.com;
    auth_http   localhost:9000/cgi-bin/nginxauth.cgi;

    proxy_pass_error_message on;

    ssl                 on;
    ssl_certificate     /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/certs/server.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    server {
        listen     25;
        protocol   smtp;
        smtp_auth  login plain cram-md5;
    }

    server {
        listen    110;
        protocol  pop3;
        pop3_auth plain apop cram-md5;
    }

    server {
        listen   143;
        protocol imap;
    }
}


I found this code on the nginx website. I will modify it, but am I on the right track?

Regards
#4
21.1 Legacy Series / Re: Mail ports forwards in LAN
March 01, 2021, 02:55:23 PM
Quote from: banym on February 28, 2021, 06:42:53 PM
Hello,

You should think about split DNS and point the domain name directly to your NAS without the firewall for your local LAN clients.
If you don't want to do this, you need to set up NAT reflection. There are tons of threads in the forum and detailed documentation available.

The better way is split DNS.

Have fun and good luck.

I can't point my domain directly to my NAS because my reverse proxy is running on port 4443, so I need to forward all the HTTPS traffic to this port...
For the NAT reflection, do you have a lead for me? Because I didn't use my external IP to access my services on the local network.
My rules should work, I don't understand why they are not...
#5
21.1 Legacy Series / Re: Mail ports forwards in LAN
March 01, 2021, 02:54:21 PM
.
#6
21.1 Legacy Series / Mail ports forwards in LAN
February 28, 2021, 04:01:36 PM
Hello guys,

So I set up a mail server and everything is working from outside my local network, the port forwarding rules work as expected.
Now in my local network my domain name reaches my OPNsense firewall directly (I then use the reverse proxy to serve my websites).
So to get the mail working in my local network I made these rules:


My NAS address is 192.168.1.25

Now I don't understand why, but I can't reach my mail server with my domain name: mail.domainname.com
Which, when I do an nslookup, reaches my LAN address directly, the firewall address.

I hope somebody can help me with that!
#7
Problem fixed with an OpenWRT reset and using the same config.

Strange things happened...
#8
Hey,

Problem fixed with an nginx reverse proxy!
#9
Hey Fright,

I made the same rule on port forwarding but changed the destination to the LAN address.



It's, again, not working. I really don't understand why.
#10
I really don't understand why it is not working, I followed several tutorials and it should be working
#11
I see that in my firewall logs, the traffic between my host and the gateway is blocked. But I don't know why it's on the LAN interface and not on my VLAN interface.

#12
I changed my VLAN ID to 20.
My guest network rules:

I can't ping the VLAN 20 gateway from a host on this VLAN.

My OpenWrt configuration:




#13
Hi everyone,

I just followed the OPNsense guide to set up a guest Wi-Fi. I made a VLAN and configured all the DHCP and firewall rules on OPNsense.
I use OpenWrt as AP only. I created an interface with a bridge between the guest SSID and the eth0.10 VLAN (VLAN ID is 10 for me).
The DHCP server works and I get access to OPNsense (didn't make a rule to block that yet). But the DNS is not working, "time out" on each nslookup command.
I think I'm close to the goal, did I miss something?
#14
Will try to do that, thanks.
#15
test.ovh points to my target host, not my OPNsense host.
If my nginx reverse proxy on my NAS ran on port 443 I would not have any problem, but it runs on port 4443. So I need something to redirect the traffic.

The solution would be, like Quetschwalze said, to move my NAS to another subnet (on the WAN for example), but I don't want to. It serves as a DHCP client and I have a lot of services running on it, and I don't want to make a rule for each.