How to redirect email for pptp users?
-
Greetings all.
I'm a little new to pfSense and I really like it. I am however stuck.
I have a static WAN address. I have a 10 dot Lan address and I have pptp users on a 172.16.45.128/25 network. The pptp IP range is not associated with a physical NIC. PPTP is working fine. All of the pptp users come in from the outside.
I need to intercept all port 25 out traffic from pptp users and have that traffic forwarded to a single external email server (a static routable IP off of my network) which will in turn forward it to the final destination. I have been trying to do this with the beta-1, but I can't seem to get there from the gui. If I were going to put in in a pf.conf I'd just
rdr on $all_tun_if proto tcp
from <tun_ip_addr_list>to any port 25 -> $ext_email_server_ipBut I can't edit the pf.conf in pfSense because it gets overwritten often.
Is there a way to do this in the WebGui or is there a way to do it in the XML file? Has it been done before and I've missed it in my searches? Any pointers greatly appreciated.Thank you.</tun_ip_addr_list>
-
Firewall: NAT: Port Forward: Edit
Interface ptpp
External address any
Protocol tcp
External port range smtp smtp
NAT IP the ip of youre mail server
Local port smtp
Description ptpp smtp redirect -
Thank you. I just tried that (even reboted) and no dice. I am reinstalling and trying again.
-
That kind of redirect was broken in the last versions and should work with the upcoming release again. Scott just fixed that 2 days ago. However I'm not sure if that will work for pptp users.
-
Thanks. Yes it is broken. I do it on my openbsd boxes with a redirect. Darn, so close…
Is there a way I can add a couple of lines to the pf.conf and have it stick?
-
This was fixed over the weekend for LAN redirects. Try a snapshot image from ~sullrich.
-
Thank you. I actually did a clean reload this morning using
http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-5-06/pfSense.iso
dated 05-Feb-2006 21:59 31.3M
Is that the one?
-
Hrm. I can't remember if that made it into that one or not. I'll roll another testing image shortly.
-
That would be great. You roll it, I'll test it.
-
Should I test the pfsense.iso dated 08-Feb-2006 18:53 31.3M
at http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-8-06/pfSense.iso ? -
Yes, please do.
-
No, it still does not pass email according to the rule in port forwarding in the port forward nat section. (does port forward work for outbound??) On outbound NAT there is no pptp to choose from in the inteface drop down. I guess this would be analagous to using squid and forwarding those packets somewhere. Should I try editing the config file?