I have done a little experimenting with this over the past few hours (while
dodging IT requests, I am sure most of you are familiar). I set up a VLAN
interface that is off of the LAN interface to put the email server in a DMZ.
I then created a rule that will look for my workstation as a source IP and
the Source PORT of 25 and forward them to the new VLAN subnet/machine on
port 25.
Admittedly, I am a little confused by this, as I had always thought that the
source PORT range would most likely not be the port I was trying to match as
most programs generate a higher port on the client side then establish a
connection to the server. Am I wrong?

What more information can I provide that would help me understand what is
going on, and/or fix this issue?

-Joel Robison
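Added illustration (not code from this thread or from pfSense) of the two points under discussion: a rule that matches source port 25 never fires on a client SMTP connection, because the client picks a random high source port, while a destination-port-25 match does; the subnet check models Bill's point that a forward back into the client's own network gets its replies outside the firewall. All addresses and subnets are constructed.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Toy pf-style rdr rule model (added illustration, not pfSense code); constructed addresses.
LAN_NET = "192.168.1.0/24"
WORKSTATION = "192.168.1.50"
DMZ_MTA = "192.168.10.25"          # assumed MTA address on the new VLAN

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class RdrRule:
    src_net: str        # source network the rule applies to
    match_on: str       # "src_port" or "dst_port"
    port: int
    target_ip: str
    target_port: int

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src_ip) not in ip_network(self.src_net):
            return False
        return getattr(pkt, self.match_on) == self.port

def apply_rdr(rules, pkt: Packet) -> Packet:
    # First matching rule rewrites the destination; otherwise unchanged.
    for rule in rules:
        if rule.matches(pkt):
            return replace(pkt, dst_ip=rule.target_ip, dst_port=rule.target_port)
    return pkt

def outbound_smtp(ephemeral_port: int = 51234) -> Packet:
    # A client opens SMTP from a random high port to destination port 25.
    return Packet(WORKSTATION, ephemeral_port, "203.0.113.10", 25)

def forwarded_to(rule: RdrRule) -> str:
    out = apply_rdr([rule], outbound_smtp())
    return f"{out.dst_ip}:{out.dst_port}"

def reply_returns_via_firewall(target_ip: str, client_net: str) -> bool:
    # A target on the client's own subnet answers directly on the LAN, so the
    # reply never passes the firewall's NAT state and the client drops it.
    return ip_address(target_ip) not in ip_network(client_net)

SRC_PORT_RULE = RdrRule(LAN_NET, "src_port", 25, DMZ_MTA, 25)   # as in the post
DST_PORT_RULE = RdrRule(LAN_NET, "dst_port", 25, DMZ_MTA, 25)   # what actually hits
```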


On Mon, Feb 9, 2009 at 3:11 PM, Chris Buechler <c...@pfsense.org> wrote:

> On Mon, Feb 9, 2009 at 5:43 PM, Tim Nelson <tnel...@rockbochs.com> wrote:
> > ----- "Bill Marquette" <bill.marque...@gmail.com> wrote:
> >>
> >> The MTA needs to not be on the same network as you are redirecting.
> >> ie.  You can't send LAN traffic back to LAN, it MUST go to a
> >> different
> >> interface (say a DMZ).  There are ways around the issue Tim
> >> describes,
> >> but it's not really pertinent to your issue at the moment anyway.
> >> Bottom line, you can't port forward to an address on the same network
> >> as the traffic is sourced from.
> >
> > Care to share the ways around the issue? :-)
> >
>
> Specifying source IP/net in port forward rules, which isn't possible
> in pfSense 1.2 nor 2.0 at this time. It's on the feature request list
> already.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>
