From owner-freebsd-questions Thu Dec 16 15:08:26 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from gate.hsag.com (gate.hsag.com [209.180.144.14]) by hub.freebsd.org (Postfix) with SMTP id CE0B2152EC for ; Thu, 16 Dec 1999 15:08:16 -0800 (PST) (envelope-from SWorthington@hsag.com)
Received: (qmail 25738 invoked from network); 16 Dec 1999 22:53:21 -0000
Received: from unknown (HELO internal.hsag.com) (192.168.83.9) by 192.168.83.5 with SMTP; 16 Dec 1999 22:53:21 -0000
Received: from AZPRO-Message_Server by internal.hsag.com with Novell_GroupWise; Thu, 16 Dec 1999 16:10:21 -0700
Message-Id:
X-Mailer: Novell GroupWise Internet Agent 5.5.2.1
Date: Thu, 16 Dec 1999 16:09:51 -0700
From: "Scott Worthington"
To:
Cc:
Subject: Re: Proper use of natd for mail (port 25)...
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>> Martin Welk 12/16/99 02:35PM >>>
> Scott, I have set up similar configurations at work and for customers -
> for example, for VNC access of a Windoze box from special hosts in the
> outer world or using FileMaker databases. It works flawlessly - I tried
> to look through for mail carefully but didn't find anything, sorry.
>
> Please add a ``log'' parameter to your firewall rules and look where
> the packets go and what they look like (and you can give us some useful
> excerpt from it, I mean, what happens to the packet(s) on their way?)

I changed this in the rc.firewall

Original:
/sbin/ipfw add divert natd all from any to any via fxp0

Now:
/sbin/ipfw add divert natd log all from any to any via fxp0

The /var/log/messages had this when I was telnet'ing from
public.ip.10 to public.ip.8 port 25:

date time hostname /kernel: ipfw: 100 Divert 8668 TCP public.ip.10:1082 public.ip.8:25 in via fxp0

I did notice that there was no 'out'.
> You could even tcpdump -i fxp1 to see which packets go through that net.
>
> I think the packets coming back from your internal SMTP server don't pass
> natd, because you do divert those packets if they go via fxp0. A private
> network (10.0/8, 172.I.was.too.lazy.to.look.in./etc/hosts, 192.168/16) should
> never be routed to the outer world, maybe that's the simple reason.
>
> Remove the ``via fxp0'' parameter from the divert rule.

I dropped the via fxp0 from the divert rule and reran the process.

The /var/log/messages had this when I was telnet'ing from
public.ip.10 to public.ip.8 port 25:

date time hostname /kernel: ipfw: 100 Divert 8668 TCP public.ip.10:1082 public.ip.8:25 in via fxp0
date time hostname /kernel: ipfw 100 Divert 8668 TCP public.ip.10:1082 192.168.83.9:25 out via fxp0

But still the telnet timed out (Unable to connect to remote host:
Operation timed out).

So I tried to telnet from the firewall machine to 192.168.83.9 port 25.
Eeech, no connect this time. I did not write down the log info, though.

> Good luck,
>
> Martin

Any way you can sneak a peek at one of your finely configured machines at work :)
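The check Scott does by eye above (is there an "out" leg for the diverted connection, and what did natd turn the destination into?) can be automated over /var/log/messages. The following is an added example, not code from the thread or from FreeBSD: it parses ipfw divert log lines in the exact format quoted in the post, pairs the "in" and "out" halves of each flow, and reports whether the destination was rewritten and which interface the rewritten packet left on. It assumes the outside interface is fxp0 and the inside interface is fxp1 (the post names fxp0 for the divert rule and fxp1 for Martin's tcpdump suggestion; the fxp1 assumption is a parameter). The sample log lines are constructed: documentation-range addresses stand in for public.ip.10 and public.ip.8, while 192.168.83.9 is the internal SMTP host from the thread. Pairing is keyed on (proto, src, sport), which only holds for inbound redirects, where natd rewrites the destination and leaves the source alone.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format the post quotes: ipfw "log" on the
# divert rule, as written to /var/log/messages on FreeBSD 3.x. 203.0.113.10
# stands in for public.ip.10 (the client), 203.0.113.8 for public.ip.8 (the
# firewall's outside address); 192.168.83.9 is the internal SMTP host.
BEFORE_FIX = """\
Dec 16 15:01:02 gw /kernel: ipfw: 100 Divert 8668 TCP 203.0.113.10:1082 203.0.113.8:25 in via fxp0
"""

AFTER_FIX = """\
Dec 16 15:12:40 gw /kernel: ipfw: 100 Divert 8668 TCP 203.0.113.10:1082 203.0.113.8:25 in via fxp0
Dec 16 15:12:40 gw /kernel: ipfw 100 Divert 8668 TCP 203.0.113.10:1082 192.168.83.9:25 out via fxp0
"""

# The colon after "ipfw" is optional because the second line quoted in the
# post lacks it.
LOG_RE = re.compile(
    r"ipfw:?\s+(?P<rule>\d+)\s+Divert\s+(?P<divport>\d+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[^\s:]+):(?P<sport>\d+)\s+(?P<dst>[^\s:]+):(?P<dport>\d+)\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<ifc>\S+)"
)


def parse_divert_log(text):
    """Yield one dict per ipfw divert log entry; non-matching lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.groupdict()


def audit_redirect(text, inside_ifc="fxp1"):
    """Pair the 'in' and 'out' halves of each diverted flow and say what natd did.

    Returns a dict keyed by (proto, src, sport). Each value records the
    destination seen on the way in (before natd), the destination on the way
    out (after natd), the interface the out leg used, and a list of findings:
      - "no out leg": the rewritten packet never came back past the rule
      - "dst not rewritten": natd left the destination alone
      - "out leg left via <ifc>": the redirected packet was sent out an
        interface other than the one facing the internal host (inside_ifc
        is an assumption; the post never names the inside interface)
    """
    flows = defaultdict(dict)
    for e in parse_divert_log(text):
        flows[(e["proto"], e["src"], e["sport"])][e["dir"]] = e

    report = {}
    for key, halves in flows.items():
        inbound, outbound = halves.get("in"), halves.get("out")
        findings = []
        if outbound is None:
            findings.append("no out leg")
        else:
            if inbound and inbound["dst"] == outbound["dst"]:
                findings.append("dst not rewritten")
            if outbound["ifc"] != inside_ifc:
                findings.append("out leg left via %s" % outbound["ifc"])
        report[key] = {
            "in_dst": inbound["dst"] if inbound else None,
            "out_dst": outbound["dst"] if outbound else None,
            "out_ifc": outbound["ifc"] if outbound else None,
            "findings": findings,
        }
    return report


if __name__ == "__main__":
    for label, text in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        for key, r in audit_redirect(text).items():
            print(label, key, r["in_dst"], "->", r["out_dst"], r["findings"])
```

Run against the first capture it reports "no out leg", matching Scott's observation; against the second it shows the destination rewritten to 192.168.83.9 but the out leg on fxp0, which is what to compare with the interface you expect a packet for the internal host to leave on. Feed it the real file with `audit_redirect(open("/var/log/messages").read())`.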