Date: Fri, 21 Sep 2001 21:18:30 -0500
From: "SNF" <snf_lists@yahoo.com>
To: <cjclark@alum.mit.edu>
Cc: "Freebsd-Questions" <freebsd-questions@FreeBSD.ORG>
Subject: RE: IPFW/NATD - forward all port 25, 110, 143 connections to an internal 10 series server
Message-ID: <LOBBKFILCMGGNDCBBCELCENOECAA.snf_lists@yahoo.com>
In-Reply-To: <20010921160051.E980@blossom.cjclark.org>

<snip>
> > set up in a rule.) Or, is this something that would be more appropriately
> > done using a different type of rule? I will eventually want to do the same
> > thing with a web server or two...
>
> The 'fwd' rules do not work how you expect. ipfw(8) does not change
> the contents of the packet. You want to do natd(8) 'redirect_port'
> within natd(8).
> --
> Crist J. Clark cjclark@alum.mit.edu
<end>

I guess I am still not clear on how I am to implement this. I have a
firewall set up on the server, but at the same time I am allowing divert(8)
to divert all connections from inside the network through the single outside
interface using the following instruction in my ipfw commands:

    ${fwcmd} add divert natd all from any to any via ${natd_interface}

(I guess the best way to explain how I have things set up is to see the way
that Dan O'Connor has things described at
http://www.mostgraveconcern.com/freebsd/ipfw.html)

I then have a script for natd (called natd.conf which is called in rc.conf
through the following line:

    natd_flags="-f /etc/natd.conf" # Additional flags for natd)

That script contains the following:

    # natd.conf
    use_sockets yes
    same_ports yes

and that is it. If I understand you correctly, everything is already set up
correctly and I simply need to add more to the natd.conf file - like:

    redirect_port tcp 10.10.20.40:pop3 pop3
    redirect_port tcp 10.10.20.40:imap imap
    redirect_port tcp 10.10.20.40:smtp smtp

Would this then handle the response that 10.10.20.40 gives to the client?
Or, does natd "know" to send the response to the client making the request?
And, if I am understanding correctly, this would only affect incoming
connections to 24.159.225.186 pop3/smtp/imap?

I hope this question is somewhat clear... I've had difficulty condensing
it.

Thanks,
SF
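
Added example, not part of the original message and not natd source code: a toy Python model of what a redirect_port entry does to an inbound request and to the matching reply, which is the reply-path behaviour asked about above. The Packet/Nat/demo names and the client address 198.51.100.7 are constructed for illustration; ordinary outbound masquerading and the aliasIP:aliasPORT form are not modelled.

```python
# Toy model of natd(8) redirect_port translation (added example, not natd code).
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
ALIAS_IP = "24.159.225.186"          # outside address quoted in the message
SERVICES = {"smtp": 25, "pop3": 110, "imap": 143}
NATD_CONF = """\
redirect_port tcp 10.10.20.40:pop3 pop3
redirect_port tcp 10.10.20.40:imap imap
redirect_port tcp 10.10.20.40:smtp smtp
"""

def port_number(name):
    return SERVICES[name] if name in SERVICES else int(name)

def parse_redirects(conf_text):
    # Map alias port -> (target IP, target port) from redirect_port lines.
    table = {}
    for line in conf_text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) == 4 and fields[:2] == ["redirect_port", "tcp"]:
            target_ip, target_port = fields[2].split(":")
            table[port_number(fields[3])] = (target_ip, port_number(target_port))
    return table

class Nat:
    def __init__(self, redirects):
        self.redirects = redirects
        self.links = {}  # (client, cport, target, tport) -> alias port

    def inbound(self, pkt):  # packet diverted on its way in
        if pkt.dst != ALIAS_IP or pkt.dport not in self.redirects:
            return pkt                       # no redirect entry: untouched
        tip, tport = self.redirects[pkt.dport]
        self.links[(pkt.src, pkt.sport, tip, tport)] = pkt.dport
        return pkt._replace(dst=tip, dport=tport)

    def outbound(self, pkt):  # packet diverted on its way out
        alias_port = self.links.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if alias_port is None:
            return pkt                       # ordinary masquerading not modelled
        return pkt._replace(src=ALIAS_IP, sport=alias_port)

def demo():
    nat = Nat(parse_redirects(NATD_CONF))
    client = ("198.51.100.7", 40000)         # constructed client address
    request = nat.inbound(Packet(*client, ALIAS_IP, 110))
    reply = nat.outbound(Packet(request.dst, request.dport, *client))
    return request, reply
```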
