ok i see, what you want to do is a transparent, reverse pop3 proxy, to protect your Server and filter out viruses, right? This is a good on, took me some time to figure it out, but we now have it implemented at several clustomer locations.
What you need to do is the following, configure your POP3 proxy to work with this proxied networks: 'Any' -> 'External Interface'
This will automatically create e REDIRECT rule that redirects POP3 traffic to the proxy. As we have a transparent POP3 Proxy, it looks up the IP address of the request where its destination was prior being redirected into the proxy, he needs this destination in order to know which POP3 server he needs to contact to retrieve the wanted email.
In our case the Destination prior REDIRECT was the 'External Interface'. But if the POP3 proxy tries to now to connect to the External inte
As the proxy has no clue where your internal POP3 proxy is located and which iP address he has to connect to, we need to tell him. we do this by using a DNAT rule.
Match: SRC='External Interface' Service='POP3' DST='External Interface' Translate: Change destination to 'POP3 Server LAN'
Don't wonder about this strange DNAT rule, but it works.
Now you only need to add two packetfilter rules and you are set:
Src="Any", Service="POP3", Dst="Externeal Interface", Accept and Src="External Interface", Service="POP3", Dst="POP3 Server LAN", Accept
Your Clients now need to connect to the External Interface of your firewall, and thay will be forwarded through the proxy to your POP3 Server.
