How to redirect email for pptp users?

NAT
Log in to reply
  • D

    Greetings all.

    I'm a little new to pfSense and I really like it.  I am however stuck.

    I have a static WAN address.  I have a 10 dot Lan address and I have pptp users on a 172.16.45.128/25  network.  The pptp IP range is not associated with a physical NIC.  PPTP is working fine.  All of the pptp users come in from the outside.

    I need to intercept all port 25 out traffic from pptp users and have that traffic forwarded to a single external email server (a static routable IP off of my network) which will in turn forward it to the final destination.  I have been trying to do this with the beta-1, but I can't seem to get there from the gui.  If I were going to put in in a pf.conf I'd just

    rdr on $all_tun_if  proto tcp
            from <tun_ip_addr_list>to any port 25 -> $ext_email_server_ip

    But I can't edit the pf.conf in pfSense because it gets overwritten often.
    Is there a way to do this in the WebGui  or is there a way to do it in the XML file?  Has it been done before and I've missed it in my searches?  Any pointers  greatly appreciated.

    Thank you.</tun_ip_addr_list>

    0
  • J

    Firewall: NAT: Port Forward: Edit
    Interface ptpp
    External address any
    Protocol tcp
    External port range smtp smtp
    NAT IP the ip of youre mail server
    Local port smtp
    Description ptpp smtp redirect

    0
  • D

    Thank you. I just tried that (even reboted) and no dice.  I am reinstalling and trying again.

    0
  • H

    That kind of redirect was broken in the last versions and should work with the upcoming release again. Scott just fixed that 2 days ago. However I'm not sure if that will work for pptp users.

    0
  • D

    Thanks. Yes it is broken.  I do it on my openbsd boxes with a redirect.  Darn, so close…

    Is there a way I can add a couple of lines to the pf.conf and have it stick?

    0
  • S

    This was fixed over the weekend for LAN redirects.  Try a snapshot image from ~sullrich.

    0
  • D

    Thank you.  I actually did a clean reload this morning using

    http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-5-06/pfSense.iso

    dated  05-Feb-2006 21:59  31.3M

    Is that the one?

    0
  • S

    Hrm.  I can't remember if that made it into that one or not.  I'll roll another testing image shortly.

    0
  • D

    That would be great. You roll it, I'll test it.

    0
  • D

    Should I test the pfsense.iso dated 08-Feb-2006 18:53  31.3M
    at http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-8-06/pfSense.iso  ?

    0
  • S

    Yes, please do.

    0
  • D

    No, it still does not pass email according to the rule in port forwarding in the port forward nat section. (does port forward work for outbound??)  On outbound NAT there is no pptp to choose from in the inteface drop down.  I guess this would be analagous to using squid and forwarding those packets somewhere.  Should I try editing the config file?

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy