Date: Tue, 21 Nov 2000 13:15:31 -0700 (MST)
From: Nick Rogness <nick@rapidnet.com>
To: Hamilton Hoover <hamilton@twopoint.com>
Cc: "freebsd-net@freebsd.org" <freebsd-net@FreeBSD.ORG>
Subject: Re: dual homed gateway system running ipfw and nat. need rules help.
Message-ID: <Pine.BSF.4.21.0011211309120.88289-100000@rapidnet.com>
In-Reply-To: <3A1ACB68.E9CA2862@twopoint.com>
On Tue, 21 Nov 2000, Hamilton Hoover wrote:
> First, thanks so much for your help so far. The information I have
> learned is invaluable. Should you ever be in my neck of the woods, beer
> and pizza are on me.
Might take you up on that ;-p
>
> I am so close at this point I can taste it. There are just a few bugs
> left that I am having trouble with. At this point I am still not passing
> mail from the firewall, but I can see in various logs what is stopping
> it. I am not sure how to circumvent this.
>
What do the logs say?
> my natd.conf reads as follows:
>
> dynamic no
> use_sockets yes
> same_ports yes
> redirect_port tcp 192.x.x.x:25 209.x.x.x:25
>
What do your firewall and natd files look like (complete)?
> where 192.x.x.x is the address of the mail server on the private net and
> 209.x.x.x is the address of the public interface of the firewall.
>
> my firewall script has these rules for passing mail. I'm unsure if I
> even need this with the redirect rule in natd.conf but I put it here
> anyway. I have tried commenting it and the results were the same.
>
> ${fwcmd} add pass tcp from any 25 to 192.x.x.x 25
>
If you are going to use this rule, make sure this rule occurs
after the divert statement in the ipfw ruleset. You shouldn't
have to use it though.
> I have also tried
>
> ${fwcmd} add pass tcp from any 25 to 192.x.x.x 25 via ${iip}
>
> Scanning open ports on the public side of the firewall I noticed that
> only ssh 22 is open. I need to have port 25 open in order for this to
> work right? In rc.conf I have
>
No. The port is taken care of by natd.
> sendmail_enable "NO"
>
> changing this to
>
> sendmail_enable "yes"
>
Leave sendmail off.
> produces sendmail relaying denied errors. I'm pretty sure that I don't
> really need sendmail running just to pass it through the firewall, but I
> don't seem to be able to open port 25 without it. Additionally, I would
> like the security email sent to myself, and that only seems to work if
> sendmail is running.
>
Use an alias to forward it to your linux machine.
I need more specific info like IP addresses and configs. You can
email off this list and I'll work with ya on it.
Nick Rogness
- Drive defensively. Buy a tank.
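The ordering point Nick makes above (the pass rule only makes sense after the divert rule, because natd rewrites the destination from the public address to the private mail server before the later rules see the packet) as an added example; this is not code from the thread or from FreeBSD. It is a minimal sh fragment in the `${fwcmd}` style of rc.firewall covering only the SMTP forwarding part of a ruleset, to be merged into the existing one rather than used alone. The interface name `fxp0`, the addresses `203.0.113.10` and `192.168.1.25`, and the rule numbers are placeholders I chose; the natd.conf shown in the comment mirrors the one quoted in the thread. Setting `fwcmd=echo` prints the rules instead of loading them, which is what the ordering check `divert_precedes_pass` is meant for (it also accepts `ipfw list` output).

```shell
#!/bin/sh
# Added example, not from the original message or from FreeBSD.
# Forward inbound SMTP on the public interface to a private mail server
# with natd redirect_port, and let ipfw pass the translated connection.

fwcmd="${fwcmd:-/sbin/ipfw}"            # set fwcmd=echo to preview the rules
oif="${oif:-fxp0}"                      # public interface (assumed name)
pubip="${pubip:-203.0.113.10}"          # placeholder public address
mailsrv="${mailsrv:-192.168.1.25}"      # placeholder private mail server

# /etc/natd.conf this ruleset expects (natd started with -f /etc/natd.conf -n ${oif}):
#   dynamic no
#   use_sockets yes
#   same_ports yes
#   redirect_port tcp 192.168.1.25:25 203.0.113.10:25

mail_nat_rules() {
    # 1. Hand every packet crossing the public interface to natd first. An
    #    inbound packet for ${pubip}:25 leaves this rule with destination
    #    ${mailsrv}:25, which is what the rules below must match.
    ${fwcmd} add 100 divert natd all from any to any via "${oif}"
    # 2. Accept the translated SMTP connection. The source port is left
    #    unrestricted: sending MTAs connect from ephemeral ports, not from 25,
    #    so "from any 25" would never match a real delivery attempt.
    ${fwcmd} add 200 pass tcp from any to "${mailsrv}" 25 in via "${oif}" setup
    # 3. Established TCP flows in both directions; replies from the mail
    #    server are translated back by rule 100 on the way out.
    ${fwcmd} add 300 pass tcp from any to any established
}

# Ordering check, reads a ruleset on stdin: succeeds only if the divert rule
# appears before the SMTP pass rule, which is the condition raised in the thread.
divert_precedes_pass() {
    awk '
        /divert natd/ && d == 0 { d = NR }
        /pass tcp from any to .* 25 in via/ && p == 0 { p = NR }
        END { exit !(d > 0 && p > 0 && d < p) }'
}

# Load only when explicitly asked, so the file can be sourced or previewed safely:
#   APPLY_RULES=yes sh mail_nat.sh        (load into ipfw)
#   fwcmd=echo sh mail_nat.sh | ./check   (preview)
if [ "${APPLY_RULES:-no}" = "yes" ]; then
    mail_nat_rules
fi
```

Nothing here opens port 25 on the firewall host itself, which is why no sendmail needs to run on it: the listener that answers on the public address is the mail server behind natd.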
