PPTP Server IP -> NAT -> LAN IP



  • Does anyone know if it is possible to forward a port from the PPTP server IP to a LAN server?

    Here is what I tried to do, but I cannot get a connection.

    PPTP Client 192.168.200.10    client tries to access 192.168.200.254:88
                  |
                  |
    pfSense PPTP Server 192.168.200.254
                  |
                  |
    pfSense Lan Interface 192.168.1.252
                  |
                  |
    Internal Web Server 192.168.1.13 (listening on 88)

    The first rule below works from the WAN, but the second is from when I tried to make a rule for the PPTP clients. I notice the interface doesn't show (first column) and an ext. IP doesn't show up either.

    I tried setting that ext. IP to 'any' without any luck. I also tried creating a 'VIP other' with my PPTP server IP, but VIPs seem to only be for 'real' interfaces (WAN and LAN show up, but no PPTP).

    If   Proto  Ext. port range  NAT IP                              Int. port range  Description
    WAN  TCP    88 (other)       192.168.1.13 (ext.: 2x.xx.xxx.244)  88 (other)
         TCP    88 (other)       192.168.1.13 (ext.: )               88 (other)

    I can make it work with regular PPTP -> LAN rules, but I don't want to have to use the PPTP server as a gateway, or bother with adding a static route on the client after each connection.

    I have also played with turning on NAT Reflection, in case it was relevant, with no apparent difference.

    Thanks



  • I don't follow your setup. Do you have two pfSense boxes (one as the PPTP server and other as a NAT/firewall device) daisy chained?

    What are you trying to accomplish with PPTP?



  • No, just the one box; the two points on the ASCII diagram were the two 'interfaces' of the one pfSense box.
    I have the VPN access to allow two computers to connect up remotely and talk to each other, but not to my LAN.
    The idea with the NAT was to create access to a service on my LAN without giving them full LAN access, and without requiring them to use me as a default gateway.

    Here is a screenshot of three rules. I used telnet in this example. The top rule works from my WAN IP, but then everyone could access it.
    The two rules below don't seem to work.


