OpenVPN block and redirect ports

  • Hi all,

    I'm in the following situation.

    My pfSense box is configured to support PPTP VPN and OpenVPN co-workers. Both have their own subnet.

    Interface LAN =
    PPTP VPN =
    OpenVPN =

    Some of our co-workers work from home and connect with their VPN, but due to a bad habit they use their own
    mailserver for sending mail to our customers. Now there is a policy that they may only use our relay SMTP.

    Is there a way that I can block port 25 SMTP and redirect that to our, let's say, SMTP box?

    I have read I have to make those rules under the LAN firewall part, and specify the OpenVPN subnet as source, but it is not working.
    Older releases don't have an option to filter tun / tap devices, but I'm lost on what to use. For PPTP I can block the port but not yet redirect it.


  • I think you're looking at it from the wrong perspective.

    What programs do they use to e-Mail? The SMTP server they are using has to be changed in the program settings.
    If it is set up to use (for example) it tries to connect to this server, regardless of the route.

  • Hi,

    I know. I don't have many users, but the problem is they mostly don't even know the difference between our SMTP server and the one they use at home.

    It would be easier if I can route all port 25 to my own server, since they use different providers. Then they can leave their settings just as they are, and
    when they are not connected they don't have to change the mailserver.

  • You are trying to fix the wrong problem.

    Do those computers belong to the company that owns the to-be-used relay server?
    What OS and which mail program do they use?

    I fixed the problem using the DNS forwarder, making their A record lookup for the mailserver they use go to our A record.

    Not very fail-proof, but for now it is working.