How to redirect email for pptp users?

ddvzlnz

Greetings all.

I'm a little new to pfSense and I really like it.  I am however stuck.

I have a static WAN address.  I have a 10 dot Lan address and I have pptp users on a 172.16.45.128/25  network.  The pptp IP range is not associated with a physical NIC.  PPTP is working fine.  All of the pptp users come in from the outside.

I need to intercept all port 25 out traffic from pptp users and have that traffic forwarded to a single external email server (a static routable IP off of my network) which will in turn forward it to the final destination.  I have been trying to do this with the beta-1, but I can't seem to get there from the gui.  If I were going to put in in a pf.conf I'd just

rdr on $all_tun_if  proto tcp
        from <tun_ip_addr_list>to any port 25 -> $ext_email_server_ip

But I can't edit the pf.conf in pfSense because it gets overwritten often.
Is there a way to do this in the WebGui  or is there a way to do it in the XML file?  Has it been done before and I've missed it in my searches?  Any pointers  greatly appreciated.

Thank you.</tun_ip_addr_list>

jeroen234

Firewall: NAT: Port Forward: Edit
Interface ptpp
External address any
Protocol tcp
External port range smtp smtp
NAT IP the ip of youre mail server
Local port smtp
Description ptpp smtp redirect

ddvzlnz

Thank you. I just tried that (even reboted) and no dice.  I am reinstalling and trying again.

hoba

That kind of redirect was broken in the last versions and should work with the upcoming release again. Scott just fixed that 2 days ago. However I'm not sure if that will work for pptp users.

ddvzlnz

Thanks. Yes it is broken.  I do it on my openbsd boxes with a redirect.  Darn, so close…

Is there a way I can add a couple of lines to the pf.conf and have it stick?

sullrich

This was fixed over the weekend for LAN redirects.  Try a snapshot image from ~sullrich.

ddvzlnz

Thank you.  I actually did a clean reload this morning using

http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-5-06/pfSense.iso

dated  05-Feb-2006 21:59  31.3M

Is that the one?

sullrich

Hrm.  I can't remember if that made it into that one or not.  I'll roll another testing image shortly.

ddvzlnz

That would be great. You roll it, I'll test it.

ddvzlnz

Should I test the pfsense.iso dated 08-Feb-2006 18:53  31.3M
at http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-8-06/pfSense.iso  ?

sullrich

Yes, please do.

ddvzlnz

No, it still does not pass email according to the rule in port forwarding in the port forward nat section. (does port forward work for outbound??)  On outbound NAT there is no pptp to choose from in the inteface drop down.  I guess this would be analagous to using squid and forwarding those packets somewhere.  Should I try editing the config file?