On Mon, Feb 9, 2009 at 3:14 PM, Joel Robison <[email protected]> wrote:
> Hello All,
> I was wondering if anyone here would be able to give me some pointers in
> context of traffic redirection.  What I am attempting (and failing at I
> should add) to do is redirect all SMTP traffic from the LAN to another
> machine on the LAN interface for mail processing with a given set of rules
> I have created for the postfix instance (Think DLP reasons).  Essentially
> this should be no different than setting up a transparent proxy server with
> squid (redirecting all web traffic to another server before it egresses the
> firewall).  I know that at some point I have used PFSense to do the latter,
> but as I mentioned before I am failing, as the rule I have added to the LAN
> tab never gets hits.
> Here is the rule:
> Proto    Source   Port  Destination  Port       Gateway  Schedule  Description
> TCP/UDP  LAN net  *     10.10.1.151  25 (SMTP)  *
>
>
> Any ideas what it is that I am NOT doing? or that I am doing wrong?
> -Joel

The MTA needs to not be on the same network as you are redirecting.
i.e. You can't send LAN traffic back to LAN, it MUST go to a different
interface (say a DMZ).  There are ways around the issue Tim describes,
but it's not really pertinent to your issue at the moment anyway.
Bottom line, you can't port forward to an address on the same network
as the traffic is sourced from.

--Bill
