4. Route only dport=25 traffic via site-to-site IPSEC tunnel?

Route only dport=25 traffic via site-to-site IPSEC tunnel?


  • I have a home office set up connected to a rack in our datacenter, with pfSense at both ends.  My ISP blocks connections to dport=tcp/25. Problem is, I maintain a bunch of mail servers and often need to telnet to port 25 of these for testing purposes. To get around this I ssh into the datacenter (which isn't blocked) and make my connections from there.  But that's an extra step I'd like to cut out.

    Anyone know of a way to tunnel & NAT my outbound connections through the site-to-site so that they appear to originate from the datacenter network? Basically, similar to the setup described at: https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel

    But instead of tunneling all traffic via the tunnel, just match dport=tcp/25

    Has anyone done this? I mashed at my keyboard for awhile but couldn't make it work.

    0
  • M

    You cannot policy route ipsec. You can with OpenVPN however.

    0

  • Good to know, thank you.  That was my hunch but I thought I'd ask just in case.  I will create an OpenVPN tunnel for this.

    0

  • Set it all up using OpenVPN.  Working great!  I had to fiddle with my outbound NAT rules a bit, but got it working.  Can telnet to port 25 all day long now.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy