Help needed with NAT and BT Pool of 5 IPs

Hi community

I was not sure of the best heading for this thread as I’m not sure where my problem lies.
It’s either going to be with me not fully understanding rule creation, or there is some bug due to the way I have to add my IP alias.
Perhaps I’m not even doing that right!

I’ve read the documentation regarding NAT but I am dyslexic so I may have missed things.

So here goes

I have a BT Business connection here in the UK. My IPFire box dials in via PPPoE to an Openreach modem. I pay for a block of 5 IPs.

The way BT do things is that your router receives a dynamic address, supposedly so as not to potentially waste an IP from your static pool. Don’t know.

I have followed the howto for adding an alias to IPFire when using PPPoE, via the link below.

https://exabyte-systems.com/dokuwiki/doku.php/public:ipfire:ipfire_ipalias.md

This has worked, in that the IPs are there to choose from when creating rules. The only bit of the tutorial that is not how it should be for me is that there is no aliases menu.

“You will see the addresses in the ipfire menu → network → aliases” Nope, not for me.

All my servers are in the orange network and I have two web servers that I have managed to create a working set of rules for using destination NAT, which opens ports 80 and 443 and directs traffic from the relevant IPs in my WAN pool to the local IPs in orange. This is tested and working fine.
There is also a redirect from a static IP to my router’s dynamic one for VPN and that also works fine.

Now my problems seem to come when I have services sending out to the net.
One of these servers is also running a mail server, and when I create a rule in the same way for ports 465 and 25 I get a bounce-back when sending email stating that there is no SRV or DKIM record for the sending IP. The IP listed is from my pool but it is not the correct IP; the correct IP has a valid DKIM.

I did actually have email working fine with a destination NAT rule for months, so something has changed. I have started again from scratch, checking the howto for adding an alias and redoing my rules, but nothing has worked. Now I get a bounce-back referring to the dynamic IP on my router.

I have had similar issues with a game server running Rust and Plex running from my TrueNAS. The console in Rust returned the wrong IP from my pool when starting up. It would list my router’s dynamic IP. I did get around this by creating a set of NAT rules: one destination NAT and one source NAT rule for all protocols to the correct IP for the game server. This did work but had the knock-on effect that my Plex server inside of green would not work with any destination NAT rule to any of my IPs other than the one set for my game server!

Interestingly, the IP my email bounce-back returned was that of the game server. But since starting again it is now the dynamic IP of my IPFire. My desktops show my WAN IP as the dynamic one my router gets, and that’s always been the case, both now and before.

These servers are VMs running on my TrueNAS box. It has a few NICs: one connected to green for SAMBA and Plex, then another on orange which all the internet-facing VMs use.

If more information is needed then I’ll do my best to provide it. Any pointers would be greatly appreciated.

IPFire Core Update 184


You also need an SNAT rule for traffic originating from your mail server going out into the internet. www.ipfire.org - Using Source NAT.

I really think this bit of the interface needs slickening up so when you NAT an Alias to an internal server, it automatically creates the reverse SNAT rule.
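To make the point of the reply above concrete, here is a small added model (not code from the thread or from IPFire) of how a first-match NAT table picks the public source address for outbound packets. All addresses are constructed documentation addresses standing in for the poster's dynamic RED address, the RED2..RED6 alias pool, and the orange VMs; the rule shapes (destination NAT, source NAT, plain masquerade fallback) are assumptions about a typical NAT table, not a description of IPFire's internals. It shows why a DNAT-only setup makes the mail server egress from the router's own dynamic address, why a host-specific SNAT fixes that, and how a broader "all protocols" SNAT placed earlier in the table can silently capture other hosts' traffic.

```python
"""Toy model of first-match DNAT/SNAT selection for a multi-IP pool.

All addresses are constructed (RFC 5737 / RFC 1918 ranges) and the rule
semantics are assumed for illustration; this is not IPFire's own code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Union


@dataclass(frozen=True)
class Dnat:
    """Destination NAT: inbound traffic to public_ip[:dports] goes to internal_ip."""
    public_ip: str
    internal_ip: str
    dports: FrozenSet[int] = frozenset()   # empty set = all ports / protocols


@dataclass(frozen=True)
class Snat:
    """Source NAT: outbound traffic from `source` leaves as new_source_ip."""
    source: str                            # host "a.b.c.d" or network "a.b.c.d/n"
    new_source_ip: str
    dports: FrozenSet[int] = frozenset()   # empty set = all ports / protocols


Rule = Union[Dnat, Snat]

RED_DYNAMIC = "203.0.113.10"               # address PPPoE hands the router itself (constructed)
ALIAS = {"RED2": "203.0.113.20",           # stand-ins for the alias pool (constructed)
         "RED3": "203.0.113.21"}
MAIL = "192.168.2.10"                      # orange VM: web + mail (constructed)
GAME = "192.168.2.11"                      # orange VM: game server (constructed)
ORANGE = "192.168.2.0/24"


def _port_ok(rule_ports: FrozenSet[int], dport: int) -> bool:
    return not rule_ports or dport in rule_ports


def inbound_target(rules: List[Rule], dst_ip: str, dport: int) -> Optional[str]:
    """First matching DNAT wins; None means the packet terminates on the router."""
    for r in rules:
        if isinstance(r, Dnat) and r.public_ip == dst_ip and _port_ok(r.dports, dport):
            return r.internal_ip
    return None


def outbound_source(rules: List[Rule], src_ip: str, dport: int) -> str:
    """First matching SNAT wins; with no match the packet is masqueraded as RED_DYNAMIC."""
    src = ip_address(src_ip)
    for r in rules:
        if (isinstance(r, Snat)
                and src in ip_network(r.source, strict=False)
                and _port_ok(r.dports, dport)):
            return r.new_source_ip
    return RED_DYNAMIC


def mail_egress_ok(rules: List[Rule], expected_public_ip: str) -> bool:
    """Does SMTP (port 25) from the mail VM leave with the IP whose DNS records it owns?"""
    return outbound_source(rules, MAIL, 25) == expected_public_ip


# Scenario 1: DNAT only, as in the original post. Inbound works, outbound masquerades.
DNAT_ONLY: List[Rule] = [Dnat(ALIAS["RED2"], MAIL, frozenset({80, 443, 25}))]

# Scenario 2: DNAT plus a host-specific SNAT, as the reply above suggests.
WITH_SNAT: List[Rule] = DNAT_ONLY + [Snat(MAIL, ALIAS["RED2"])]

# Scenario 3: an "all protocols" SNAT whose source is the whole orange network,
# listed before the mail rule. One ordering that would make every orange host
# (mail included) egress as the game server's alias.
BROAD_SNAT: List[Rule] = [Dnat(ALIAS["RED3"], GAME), Snat(ORANGE, ALIAS["RED3"])] + WITH_SNAT


if __name__ == "__main__":
    for name, rules in (("DNAT only", DNAT_ONLY), ("with SNAT", WITH_SNAT), ("broad SNAT", BROAD_SNAT)):
        print(f"{name:11s} mail egress = {outbound_source(rules, MAIL, 25)}"
              f"  ok={mail_egress_ok(rules, ALIAS['RED2'])}")
```

The check worth copying from this is the last one: after adding rules, confirm that the address the mail host actually egresses from is the same address whose reverse DNS, SPF and DKIM records you maintain, and review rule order whenever a broad "all protocols" SNAT exists, since the first matching source rule decides for every host it covers.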

Thank you for your reply Nick.
I have had a quick scan through the provided document page. I’m pretty sure I’ve already read it at some point. Anyhow, I have added the pictured rule to no avail. My bounce-back still gives the dynamic IP for IPFire.

Am I doing it wrong?

Your New Source IP should be your Alias and not RED.

In Destination > Standard Networks I use RED rather than any but I don’t think it makes any difference.

Hum

My aliases show as RED2 > RED6 in the drop-down. Just RED is that of IPFire, so the dynamic one.
Or am I misunderstanding?

I have also tried it set to RED in destination and no change.

Thanks for your time.

I can’t see what you’ve used as you’ve munged it. I gave my aliases a meaningful name.

Are you sure for sending mail you want port 465 and not port 25? Port 465 is generally used for sending via an explicit mail relay. 25 is used for sending directly.

Also try without a port selector.

Thanks Nick, you were right about the SMTP port.
I had just assumed that SMTPS was the new secure method without actually looking it up :grimacing:
After creating SMTP SNAT and NAT rules I’m still getting a bounce-back, but this time from the correct IP, so I just need to sort my SRV or DKIM out.

Thanks again for your time.