Date:      Tue, 30 May 2000 17:37:55 -0600 (MDT)
From:      Nick Rogness <nick@rapidnet.com>
To:        Ron Smith <ronnetron@hotmail.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: SMTP rules
Message-ID:  <Pine.BSF.4.05.10005301722500.9196-100000@rapidnet.com>
In-Reply-To: <20000530231417.18001.qmail@hotmail.com>

On Tue, 30 May 2000, Ron Smith wrote:

> Hi all

	Hello,
> 
> 'uname -a' says: FreeBSD 3.4-RELEASE
> 
> I would like to send and receive mail through our firewall, but the canned 
> rule for this doesn't seem to work. I have the following in place:
> 
> # Allow setup of incoming email
> $fwcmd add pass tcp from any to ${oip} 25 setup

	Umm, ok.

> 
> We have a separate mail server, behind the NAT router, that handles the 
> mail. But, no one on the outside of our LAN is able to send email to our 
> mail server. And, we aren't able to send mail out to anyone other than the 
> people on our LAN.

	I'm assuming your mail server is on the private side?  Is a
	redirect_port added in the natd config? 

	You need to give more details of how your network is constructed.
	2 different mail servers?  Are you doing your own DNS?  What type
	of mail server is it?  Is your nat device your mail server?  Is it
	FreeBSD? etc., etc., etc.

> 
> 'more /etc/db.ourdomain.com' says the following:
> 
> ;MX records
> @       IN    MX    10    mail.ourdomain.com.

	What does the outside world think about your domain?  Is your
	server authoritative for your domain:

	# nslookup

	>root
	Default Server:  a.root-servers.net
	Address:  198.41.0.4

	>set type=NS
	>yourdomain.com

		.
		.
		ns.yourdomain.com	your_NS_IP

	>server your_NS_IP
	>set type=MX
	>yourdomain.com

		mail exchanger= mail.yourdomain.com
		mail.yourdomain.com	your_OUTSIDE_IP
	>exit

	#

	I'm assuming you are running DNS.

> 
> ;hosts
> mail    IN    A           192.x.x.x

	This is a rather tricky setup because you are on a NAT'd network.
	You must have 2 different Name servers running (or possibly 2
	subdomains), one for your public side and one for your private
	side.  Once again, this is, of course, if you are doing DNS for
	your domain.

> 
> Apparently there is something I'm missing. Any help would be appreciated 
> greatly.

	Give some more details and your problem will probably get
	resolved quickly ;-)


Nick Rogness
- Speak softly and carry a Gigabit switch.
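
The reply above asks what the outside world sees for the domain's MX and notes that a NAT'd network needs separate public and private name data. The following check is an added example, not part of the original message: it parses a zone excerpt in the style of the quoted db.ourdomain.com and reports MX targets that outside senders cannot reach. The sample zone is constructed, and the origin, the 192.168.1.10 address, the backup host and the function names are assumptions.

```python
import ipaddress

# Private ranges that are not routable from the public Internet (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone; 198.51.100.25 is a documentation address that
# stands in for a public one.
SAMPLE_ZONE = """\
;MX records
@       IN    MX    10    mail.ourdomain.com.
@       IN    MX    20    backup
;hosts
mail    IN    A           192.168.1.10
backup  IN    A           198.51.100.25
"""

def fqdn(name, origin):
    """Expand a zone-file name to an absolute, lowercase name."""
    if name == "@":
        return origin.lower()
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text, origin):
    """Return (sorted MX list of (preference, host), dict of host -> A addresses)."""
    mx, a = [], {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # strip comments, tokenize
        if "IN" not in fields or fields.index("IN") == 0:
            continue                               # needs an explicit owner name
        i = fields.index("IN")
        owner, rtype, rdata = fields[0], fields[i + 1].upper(), fields[i + 2:]
        if rtype == "MX" and len(rdata) == 2:
            mx.append((int(rdata[0]), fqdn(rdata[1], origin)))
        elif rtype == "A" and len(rdata) == 1:
            a.setdefault(fqdn(owner, origin), []).append(
                ipaddress.ip_address(rdata[0]))
    return sorted(mx), a

def unreachable_mx(text, origin):
    """List (preference, host, reason) for MX targets outsiders cannot reach."""
    mx, a = parse_zone(text, origin)
    problems = []
    for pref, host in mx:
        addrs = a.get(host, [])
        if not addrs:
            problems.append((pref, host, "no A record in this zone"))
        for ip in addrs:
            if any(ip in net for net in RFC1918):
                problems.append((pref, host, f"{ip} is an RFC 1918 address"))
    return problems
```

Run it against the zone served to the public side; a private-side zone is expected to list internal addresses.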



