20.1 Legacy Series / Can't send mail by smtp, but by submission??
« on: February 25, 2020, 10:57:26 pm »
I replaced an aging pfSense firewall on slow hardware with OPNsense 20.1 on an APU2 board. The setup is fairly simple: no NAT, only routing and filtering. Outbound NAT is set to manual rule generation, but no rules are defined.
LAN (192.168.99.0/24) - Lan_IF (192.168.99.1/24) - Firewall - WAN_IF (192.168.245.3/24) - Gateway (192.168.245.1)
The WAN net has a default gateway which handles internet access. This gateway has a route to my LAN and sends traffic to the WAN interface. For the moment, every interface on the OPNsense has only one rule: pass any any. Everything works fine... except access to an SMTP server on the internet. A "telnet <server> 25" just doesn't work, a "telnet <server> 587" does. Yes, the <server> accepts traffic on ports 25 and 587....
I used tcpdump on LAN and WAN and see the packets from the LAN computer on port 25 go into the firewall, but nothing leaves the WAN interface. The log shows no blocked traffic; the packets on port 25 just evaporate somewhere. Another thing that baffles me is a lot of blocked packets from one host in LAN to other hosts in WAN. A Nagios on a LAN computer regularly checks all possible addresses in the WAN net by trying to reach port 80. These are blocked by the "default deny rule". But why? There is a "pass any any" rule in LAN (and WAN) as the first rule...
What can I do to find out what's going on?
Martin
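One way to pin down where the port 25 packets "evaporate" is to capture on both interfaces and diff the flows. The script below is an added example (not from the original post or from OPNsense); it parses two tcpdump text captures, keeps outbound TCP SYNs, and reports the 4-tuples seen on LAN that never show up on WAN. It assumes no NAT, as stated in the post, so the tuple is identical on both sides; the capture lines are constructed samples.

```python
import re

# Matches the usual tcpdump text format for IPv4 TCP:
# "HH:MM:SS.ffffff IP src.sport > dst.dport: Flags [S], seq ..., length 0"
TCPDUMP_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_syns(lines):
    """Return the set of (src, sport, dst, dport) for pure SYN packets only.

    Replies carry 'S.' (SYN-ACK), so they are left out; we only want the
    connection attempts that the LAN host originated.
    """
    flows = set()
    for line in lines:
        m = TCPDUMP_RE.match(line)
        if m and m["flags"] == "S":
            flows.add((m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return flows


def missing_on_wan(lan_lines, wan_lines):
    """Flows that entered on LAN but never left on WAN.

    Assumes no outbound NAT (as in the post), so the 4-tuple is unchanged.
    With NAT you would have to match on (dst, dport) plus timing instead.
    """
    return parse_syns(lan_lines) - parse_syns(wan_lines)


def by_dest_port(flows):
    """Count dropped flows per destination port to spot a port-specific pattern."""
    counts = {}
    for _, _, _, dport in flows:
        counts[dport] = counts.get(dport, 0) + 1
    return counts


# Constructed sample captures (not real traffic from the post).
LAN_CAPTURE = [
    "22:57:01.000100 IP 192.168.99.10.50100 > 203.0.113.25.25: Flags [S], seq 1, win 64240, length 0",
    "22:57:01.000200 IP 192.168.99.10.50101 > 203.0.113.25.587: Flags [S], seq 2, win 64240, length 0",
    "22:57:01.000300 IP 192.168.99.20.50102 > 203.0.113.25.25: Flags [S], seq 3, win 64240, length 0",
    "22:57:01.000400 IP 203.0.113.25.587 > 192.168.99.10.50101: Flags [S.], seq 9, ack 3, win 65535, length 0",
]
WAN_CAPTURE = [
    "22:57:01.000250 IP 192.168.99.10.50101 > 203.0.113.25.587: Flags [S], seq 2, win 64240, length 0",
]

if __name__ == "__main__":
    for flow in sorted(missing_on_wan(LAN_CAPTURE, WAN_CAPTURE)):
        print("seen on LAN, missing on WAN:", flow)
    print("missing flows by destination port:", by_dest_port(missing_on_wan(LAN_CAPTURE, WAN_CAPTURE)))
```

Feed it the output of `tcpdump -ni <lan_if> 'tcp[tcpflags] & tcp-syn != 0'` and the same on the WAN interface; if every missing flow has destination port 25, the drop is port-specific rather than a routing problem.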

