From owner-freebsd-isp Fri Mar 10 12: 5:20 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from hydrant.intranova.net (msb-ts-slip09.UMDNJ.EDU [130.219.28.69])
	by hub.freebsd.org (Postfix) with SMTP id 5125E37BAC2
	for ; Fri, 10 Mar 2000 12:05:11 -0800 (PST)
	(envelope-from oogali@intranova.net)
Received: (qmail 22785 invoked from network); 10 Mar 2000 20:05:20 -0000
Received: from hydrant.abuselabs.com (HELO hydrant) (@192.168.0.1)
	by hydrant.abuselabs.com with SMTP; 10 Mar 2000 20:05:20 -0000
Date: Fri, 10 Mar 2000 15:05:20 -0500 (EST)
From: Omachonu Ogali
To: Matthew Hagerty
Cc: isp@freebsd.org
Subject: Re: POP3 proxy possible?
In-Reply-To: <4.2.2.20000307101901.00a20200@mail.venux.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

ipfw add fwd ip.address,port tcp from any to my.ip.address.com 110

On Tue, 7 Mar 2000, Matthew Hagerty wrote:

> Greetings,
>
> I was wondering if there is a way to proxy a port, specifically pop3(110),
> to another computer.  Something like:
>
> "If a connection comes in on my port 110, forward to ip:port"
>
> What I have is a firewall setup like this:
>
>                     Internet
>                         |
>                         |
>                    +--------+           +---------+
>                    | router |           | Bastion |
>                    +--------+           +---------+
>                         | Perimeter Network  |
>    +--------------------------------------+
>    Real IP assignment   |
>                         |
>                   +-----------+
>                   |  Firewall |
>                   | NATd IPFW |
>                   +-----------+
>                         |
>    +----------------------------------+
>       |    Fake IP assignment 10.0.0.0/24
>    +------+
>    | pop3 |
>    +------+
>
> I need to enable external access of pop3 (I know, I know, but it is not my
> decision).
>
> The first problem is that an external pop3 client cannot route to a fake
> IP, so they have to pop3 to a real host, i.e. the bastion.  The bastion
> would then forward the request to the firewall machine which knows how to
> route to the internal server.  The bastion host also has a static route so
> it knows that 10.0.0.0/24 should be routed to the firewall.
>
> The second problem is that the firewall will only accept packets from the
> bastion host, so external pop3 clients cannot connect directly to the
> firewall machine to have the pop3 request forwarded.
>
> What I thought I needed was a simple "port pass-through" program of some
> sort.  I thought NATd could do this with the -reverse, -proxy_only, and
> -proxy_rule parameters, but I could not get it to work.  I could not find
> any other docs or examples on NATd other than the man page, is there any?
>
> One other thing, can NATd be run without IPFIREWALL?  In this case I don't
> need a firewall, so can I leave the option out of my kernel and just use
> IPDIVERT?
>
> Any insight would be greatly appreciated!
>
> Thank you,
> Matthew Hagerty
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

--
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34        |
+-------------------------------------------------------------------------+



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
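
The "port pass-through" program the question describes, as an added example that is not part of the original thread: a minimal user-space TCP relay that a bastion host could run in front of the internal POP3 server, refusing any source outside an allowlist. The names `start_relay`, `source_allowed` and `demo`, and the loopback addresses and banner used in the self-check, are assumptions made for illustration.

```python
import asyncio
import ipaddress

def source_allowed(addr, networks):
    """True if the peer address falls inside one of the permitted networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

async def pipe(reader, writer):
    """Copy bytes one way until EOF or reset, then close the write side."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def start_relay(host, port, target, networks):
    """Listen on host:port and relay permitted clients to target (host, port)."""
    async def handle(c_reader, c_writer):
        peer = c_writer.get_extra_info("peername")[0]
        if not source_allowed(peer, networks):
            c_writer.close()          # drop sources outside the allowlist
            return
        try:
            s_reader, s_writer = await asyncio.open_connection(*target)
        except OSError:
            c_writer.close()          # backend unreachable
            return
        await asyncio.gather(pipe(c_reader, s_writer), pipe(s_reader, c_writer))
    return await asyncio.start_server(handle, host, port)

async def demo(allowed_cidr):
    """Constructed loopback run: a fake POP3 backend behind the relay."""
    async def fake_pop3(reader, writer):
        writer.write(b"+OK constructed POP3 server ready\r\n")
        await writer.drain()
        writer.close()
    backend = await asyncio.start_server(fake_pop3, "127.0.0.1", 0)
    target = ("127.0.0.1", backend.sockets[0].getsockname()[1])
    relay = await start_relay("127.0.0.1", 0, target, [ipaddress.ip_network(allowed_cidr)])
    reader, writer = await asyncio.open_connection("127.0.0.1", relay.sockets[0].getsockname()[1])
    banner = await reader.readline()  # b"" when the relay refused the source
    writer.close()
    relay.close()
    backend.close()
    return banner
```

Because the relay opens its own connection to the backend, the internal server sees the bastion's address as the source, which fits a firewall that only accepts packets from the bastion host.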