So finally getting there. I gave up on trying to get it to work with public facing IP’s on the server. So reconfigured the server to use port forwarding with a couple of IP’s from the local subnet. Got this working with a few fixups on postfix, courier and amavis. Then used my old Draytek to port forward. All worked fine provided you are outside the local then. Inside you get lots of nat reflection problems. Rather than piss about I decided just to move over to the pfSense box.
So, deleted the old bridges and created one bridge which contained the FLAN (fixed lan), WLAN and DMZ. After loads of rule fiddling I finally got the whole thing to work. Same problem with nat reflection, but thankfully pfSense has a couple of options to get round that, so after more fiddling it now all works inside and outside the local lan.
So now it’s up and running with the old Draytek running on the Virgin line and running my main lan and pfSense running on the pfSense box running my server. So at the moment they arn’t linked. Next step is to add more firewall rules to the incoming lan (the Virgin one can all be blocked). Then add the second wan to the pfSense box and do all the routing for load balancing. So, all a bit of a mess, but I think it’s finally getting there.
Went to the gym and ran far too much.