Topic: Outbound NAT rules ignored (Read 3685 times)
republicus (Newbie, Posts: 8, Karma: 0)
Outbound NAT rules ignored « on: June 20, 2019, 12:07:50 pm »
With my ISP I get a dynamic IP and I have also purchased several static IP addresses.
I noticed that Gmail said it could not authenticate the sender and Microsoft is bouncing the mail entirely.
At first I thought it was only my SPF records. But as I investigated, I found out that all email is being sent through the WAN dynamic IP.
I have tried every way I can imagine to make the Outbound NAT work but I have had no success.
I have tried with Virtual IPs, as well as working interface IPs that are assigned to ports.
Every change results in the WAN/dynamic IP being used.
My outbound NAT mode is: Hybrid outbound NAT rule generation
Any thoughts on what I might be missing to get this set up?
republicus (Newbie, Posts: 8, Karma: 0)
Re: Outbound NAT rules ignored « Reply #1 on: June 21, 2019, 12:44:00 am »
So I changed the NAT Outbound mode to manual and it caused all outbound traffic to stop.
It's as if my outbound rules are ignored completely.
I see several posts about Outbound NAT with no replies. If you think you can help me, please share your thoughts.
Thanks.
manjeet (Jr. Member, Posts: 54, Karma: 4)
Re: Outbound NAT rules ignored « Reply #2 on: June 21, 2019, 08:09:40 am »
Hi, your scenario is a little confusing. Please answer these questions to understand better.
1. You said multiple static IPs. So how many ISP connections do you have? Because in my area / country you can only have one static IP on one broadband connection. A leased line is a different thing; you can have multiple static IPs here.
2. Where is your static IP configured? On OPNsense or on the modem/router provided by the ISP? In case it is on the router provided by the ISP, then how is it connected to OPNsense, i.e. NAT from the ISP modem to OPNsense, or bridge mode?
3. There is no general need to change outbound rules, so keep them on the "Automatic outbound NAT rule generation" option.
--
I had a situation, not exactly the same, but it can be related.
So I have 2 ISP connections, one with a static IP and one with a dynamic IP. One for office use and one for any other outside. But both go through OPNsense, so I have to make it work in such a way that any user with an external device / DHCP will automatically go through gateway 2, which is my broadband without a static IP. So I configured the firewall internal network rule as:
a. Source -> EXTERNAL USERS (alias created for easy implementation) -> In your case you can choose your internal network or mail server IP for better restriction, or any
b. Source port -> any
c. Destination -> any
d. Destination port -> mine is any, but you need to forward email through it, so select your SMTP port here
e. Gateway -> This is most important. -> Select the gateway with the static IP which you want email to work with. (Obviously you have to create/add another gateway in WAN in case you have multiple ISPs, or a virtual adapter with a static IP in case of a single ISP, which also means you have to work with VLANs.)
You also need a similar rule / port forwarding for receiving email, and DNS settings from the domain to forward / point the MX to the OPNsense static IP.
NOTE: I am writing this assuming that your mail server is behind OPNsense.
NOTE: Google and Microsoft issue: check your static IP in blacklist, verify SSL certificate.
« Last Edit: June 21, 2019, 08:23:50 am by manjeet »
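Added example, not part of any post in this thread: a quick way to confirm the symptom from the first post, by checking whether the address mail actually leaves from is authorized by the domain's SPF record. The record and both IP addresses below are constructed samples from documentation ranges, the function name is hypothetical, and only the `ip4`, `ip6` and `all` mechanisms are evaluated (anything that needs a DNS lookup is reported as `needs-dns`).

```python
import ipaddress

# SPF qualifier -> result name (RFC 7208); a missing qualifier means "+".
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check_ip(spf_record: str, egress_ip: str) -> str:
    """Evaluate an SPF record left to right against one sending IP.

    Handles ip4:, ip6: and all. Returns 'needs-dns' when a mechanism that
    requires DNS (a, mx, include, exists, ptr) or a redirect= modifier
    would decide the outcome.
    """
    ip = ipaddress.ip_address(egress_ip)
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    saw_redirect = False
    for term in terms[1:]:
        if "=" in term:                      # modifier such as redirect= or exp=
            saw_redirect |= term.lower().startswith("redirect=")
            continue
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        elif name == "all":
            return RESULTS[qualifier]
        else:
            return "needs-dns"
    return "needs-dns" if saw_redirect else "neutral"

# Constructed sample values (documentation address ranges, not from the thread).
SAMPLE_SPF = "v=spf1 ip4:203.0.113.8/29 -all"   # static block published in DNS
STATIC_IP = "203.0.113.10"                       # address the NAT rule should use
DYNAMIC_WAN_IP = "198.51.100.77"                 # address the mail really left from

if __name__ == "__main__":
    for label, addr in (("static", STATIC_IP), ("dynamic WAN", DYNAMIC_WAN_IP)):
        print(f"{label:12} {addr:15} -> {spf_check_ip(SAMPLE_SPF, addr)}")
```

The sending address to test is the one shown in the `Received:` header that the recipient's server adds to a delivered test message.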