From owner-freebsd-isp Fri Mar 10 7:25:49 2000
Date: Fri, 10 Mar 2000 09:25:28 -0600 (CST)
From: Vaevictus Asmadi
To: Matthew Hagerty
Cc: isp@freebsd.org
Subject: Re: POP3 proxy possible?
In-Reply-To: <4.2.2.20000307101901.00a20200@mail.venux.net>
Sender: owner-freebsd-isp@FreeBSD.ORG

SSH2 (and 1?) does port forwarding on the command line... In a couple of
instances, I just connected to the computer I want to forward to, and to
keep the tunnel open, I executed a program that didn't exit. It's a bit
messy, but it solves some of the problems related here.

ssh2 otherhost -L localport:remotehost:remoteport

is kinda how it works.

This also has the advantage of encrypting the tunnel. Not very useful
with pop3, I'm afraid, but of course, this is a universal port forward
process.

n8

On Tue, 7 Mar 2000, Matthew Hagerty wrote:

> Greetings,
>
> I was wondering if there is a way to proxy a port, specifically pop3(110),
> to another computer.  Something like:
>
> "If a connection comes in on my port 110, forward to ip:port"
>
> What I have is a firewall setup like this:
>
>       Internet
>          |
>          |
>      +--------+            +---------+
>      | router |            | Bastion |
>      +--------+            +---------+
>          |  Perimeter Network   |
>   +--------------------------------------+
>   Real IP assignment      |
>                           |
>                     +-----------+
>                     | Firewall  |
>                     | NATd IPFW |
>                     +-----------+
>                           |
>   +----------------------------------+
>      |   Fake IP assignment 10.0.0.0/24
>   +------+
>   | pop3 |
>   +------+
>
> I need to enable external access of pop3 (I know, I know, but it is not my
> decision).
>
> The first problem is that an external pop3 client cannot route to a fake
> IP, so they have to pop3 to a real host, i.e. the bastion.  The bastion
> would then forward the request to the firewall machine which knows how to
> route to the internal server.  The bastion host also has a static route so
> it knows that 10.0.0.0/24 should be routed to the firewall.
>
> The second problem is that the firewall will only accept packets from the
> bastion host, so external pop3 clients cannot connect directly to the
> firewall machine to have the pop3 request forwarded.
>
> What I thought I needed was a simple "port pass-through" program of some
> sort.  I thought NATd could do this with the -reverse, -proxy_only, and
> -proxy_rule parameters, but I could not get it to work.  I could not find
> any other docs or examples on NATd other than the man page, is there any?
>
> One other thing, can NATd be run without IPFIREWALL?  In this case I don't
> need a firewall, so can I leave the option out of my kernel and just use
> IPDIVERT?
>
> Any insight would be greatly appreciated!
>
> Thank you,
> Matthew Hagerty
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

--
*------------------------------------*
"Art may imitate life, but life imitates TV."
   --- Ani Difranco, Superhero
*------------------------------------*
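
The "port pass-through" program asked about in the quoted message, sketched as an added example that is not part of the original thread: a TCP relay the bastion could run, accepting POP3 connections and forwarding each one to a single fixed internal server. The function names, the listen address and the backend host 10.0.0.5 are assumptions chosen for illustration.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, backend_addr):
    """Relay one accepted client to the fixed backend, both directions."""
    try:
        backend = socket.create_connection(backend_addr, timeout=10)
    except OSError:
        client.close()
        return
    backend.settimeout(None)
    up = threading.Thread(target=pump, args=(client, backend), daemon=True)
    up.start()
    pump(backend, client)
    up.join()
    client.close()
    backend.close()

def start_relay(listen_addr, backend_addr):
    """Listen on listen_addr; the destination is fixed, never client-chosen."""
    srv = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(client, backend_addr),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Assumed addresses: bastion listens on 110, POP3 server is 10.0.0.5.
    start_relay(("0.0.0.0", 110), ("10.0.0.5", 110))
    threading.Event().wait()  # keep the main thread alive
```

Because the backend address is set when the relay starts, a client cannot steer it to any other internal host, and the firewall only ever sees connections from the bastion.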