From owner-freebsd-questions Fri Sep 21 19:18:38 2001
From: "SNF"
Cc: "Freebsd-Questions"
Subject: RE: IPFW/NATD - forward all port 25, 110, 143 connections to an internal 10 series server
Date: Fri, 21 Sep 2001 21:18:30 -0500
In-Reply-To: <20010921160051.E980@blossom.cjclark.org>
Sender: owner-freebsd-questions@FreeBSD.ORG

> > set up in a rule.) Or, is this something that would be more appropriately
> > done using a different type of rule? I will eventually want to do the same
> > thing with a web server or two...
>
> The 'fwd' rules do not work how you expect. ipfw(8) does not change
> the contents of the packet. You want to do natd(8) 'redirect_port'
> within natd(8).
> --
> Crist J. Clark cjclark@alum.mit.edu

I guess I am still not clear on how I am to implement this.
I have a firewall set up on the server, but at the same time I am allowing
divert(8) to divert all connections from inside the network through the
single outside interface using the following instruction in my ipfw
commands:

    ${fwcmd} add divert natd all from any to any via ${natd_interface}

(I guess the best way to explain how I have things set up is to see the way
that Dan O'Connor has things described at
http://www.mostgraveconcern.com/freebsd/ipfw.html)

I then have a script for natd (called natd.conf), which is called in rc.conf
through the following line:

    natd_flags="-f /etc/natd.conf"    # Additional flags for natd

That script contains the following:

    # natd.conf
    use_sockets yes
    same_ports yes

and that is it.

If I understand you correctly, everything is already set up correctly and I
simply need to add more to the natd.conf file - like:

    redirect_port tcp 10.10.20.40:pop3 pop3
    redirect_port tcp 10.10.20.40:imap imap
    redirect_port tcp 10.10.20.40:smtp smtp

Would this then handle the response that 10.10.20.40 gives to the client?
Or, does natd "know" to send the response to the client making the request?
And, if I am understanding correctly, this would only affect incoming
connections to 24.159.225.186 pop3/smtp/imap?

I hope this question is somewhat clear... I've had difficulty condensing it.

Thanks,
SF
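The quoted reply contrasts an ipfw 'fwd' rule with natd's 'redirect_port'. The sketch below is an added example, not part of the original message and not natd's code: a simplified Python model of how a redirect_port entry rewrites the destination on the way in and restores the public source address on the reply. The class and function names and the client address 198.51.100.7 are constructed for illustration.

```python
# Simplified model of natd 'redirect_port' translation (illustration only).
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

PUBLIC_IP = "24.159.225.186"      # outside address mentioned in the message
# Models: redirect_port tcp 10.10.20.40:<port> <port>, as proposed in the message
REDIRECTS = {110: ("10.10.20.40", 110),
             143: ("10.10.20.40", 143),
             25: ("10.10.20.40", 25)}


class NatModel:
    def __init__(self, public_ip, redirects):
        self.public_ip = public_ip
        self.redirects = redirects
        self.links = {}   # (client, cport, server, sport) -> public port

    def inbound(self, pkt):
        """Packet arriving on the outside interface via the divert rule."""
        target = self.redirects.get(pkt.dport) if pkt.dst == self.public_ip else None
        if target is None:
            return pkt                      # no redirect entry: left unchanged
        # Remember the connection so the reply can be translated back.
        self.links[(pkt.src, pkt.sport) + target] = pkt.dport
        return pkt._replace(dst=target[0], dport=target[1])

    def outbound(self, pkt):
        """Packet leaving through the outside interface via the divert rule."""
        public_port = self.links.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if public_port is None:
            return pkt                      # ordinary outbound NAT not modelled
        return pkt._replace(src=self.public_ip, sport=public_port)


def fwd_rule(pkt, next_hop):
    """ipfw 'fwd': picks a next hop, packet contents stay untouched."""
    return next_hop, pkt


def demo():
    nat = NatModel(PUBLIC_IP, REDIRECTS)
    client = Packet("198.51.100.7", 40000, PUBLIC_IP, 25)   # constructed sample
    to_server = nat.inbound(client)
    reply = Packet(to_server.dst, to_server.dport, to_server.src, to_server.sport)
    to_client = nat.outbound(reply)
    return to_server, to_client, fwd_rule(client, "10.10.20.40")
```

In this model the internal server sees the real client address, and the client sees the reply coming from the public address it originally connected to; a packet to a port with no redirect entry passes through unchanged.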