PPTP ServerIP –> nat --> Lan IP
dubya last edited by
Does anyone know if it is possible to forward a port from the pptp server ip to an lan server?
here is what I tried to do, but I cannot get a connection
PPTP Client 192.168.200.10 client tries to access 192.168.200.254:88
pfSense PPTP Server 192.168.200.254
pfSense Lan Interface 192.168.1.252
Internal Web Server 192.168.1.13 (listening on 88)
The first rule below works from the wan, but the second is from when I tried to make a rule for the pptp clients. I notice the interface doesn't show (first column) and an ext: ip doesn't show up either.
I tried setting that ext IP to 'any' without any luck, I also tried creating a 'vip other' with my pptp server ip, but vip's seems to only be for 'real' interfaces (wan and lan show up, but no pptp)
If Proto Ext. port range NAT IP Int. port range Description
WAN TCP 88 (other) 192.168.1.13(ext.: 2x.xx.xxx.244) 88 (other)
TCP 88 (other) 192.168.1.13(ext.: ) 88 (other)
I can make it work with regular pptp –> lan rules, but I dont want to have use the pptp server as a gateway, or bother with adding a static route on the client after each connection.
I have also played with turning on NAT Reflection, in case it was relevant with no apparent difference.
ssheikh last edited by
I don't follow your setup. Do you have two pfSense boxes (one as the PPTP server and other as a NAT/firewall device) daisy chained?
What are you trying to accomplish with PPTP?
dubya last edited by
No, just the one box, the two points on the ascii diagram were the two 'interfaces' of the 1 pfsense box.
I have the vpn access to allow two computers to connect up remotely and talk to each other but not to my lan.
the idea with the nat was to create access to a service on my lan without giving them full lan access, and without requiring them to use me as a default gateway.
here is a screen shot of three rules. I used telnet in this example. The top rule works from my wan IP but then everyone could access it.
The two rules below don't seem to work