Date: Tue, 30 May 2000 17:37:55 -0600 (MDT)
From: Nick Rogness
To: Ron Smith
Cc: freebsd-ipfw@freebsd.org
Subject: Re: SMTP rules
In-Reply-To: <20000530231417.18001.qmail@hotmail.com>

On Tue, 30 May 2000, Ron Smith wrote:

> Hi all

Hello,

>
> 'uname -a' says: FreeBSD 3.4-RELEASE
>
> I would like to send and receive mail through our firewall, but the canned
> rule for this doesn't seem to work. I have the following in place:
>
> # Allow setup of incoming email
> $fwcmd add pass tcp from any to ${oip} 25 setup

Umm, ok.

>
> We have a separate mail server, behind the NAT router, that handles the
> mail. But, no one on the outside of our LAN is able to send email to our
> mail server. And, we aren't able to send mail out to anyone other than the
> people on our LAN.

I'm assuming your mail server is on the private side? Is a
redirect_port added in the natd config?

You need to give more details of how your network is constructed.
2 different mail servers? Are you doing your own DNS? What type of
mail server is it? Is your nat device your mail server? Is it
FreeBSD? etc,etc,etc.

>
> 'more /etc/db.ourdomain.com' says the following:
>
> ;MX records
> @ IN MX 10 mail.ourdomain.com.

What does the outside world think about your domain? Is your
server authoritative for your domain:

    # nslookup
    >root
    Default Server: a.root-servers.net
    Address: 198.41.0.4

    >set type=NS
    >yourdomain.com
    .
    .
    ns.yourdomain.com       your_NS_IP
    >server your_NS_IP
    >set type=MX
    >yourdomain.com
    mail exchanger= mail.yourdomain.com
    mail.yourdomain.com     your_OUTSIDE_IP
    >exit
    #

I'm assuming you are running DNS.

>
> ;hosts
> mail IN A 192.x.x.x

This is a rather tricky setup because you are on a NAT'd network.
You must have 2 different Name servers running (or possibly 2
subdomains), one for your public side and one for your private
side. Once again, this is, of course, if you are doing DNS for
your domain.

>
> Apparently there is something I'm missing. Any help would be appreciated
> greatly.

Give some more details and your problem will probably get resolved
quickly ;-)

Nick Rogness
- Speak softly and carry a Gigabit switch.
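
Added example, not part of Nick's message or of Ron's configuration: a dry-run sketch of the inbound SMTP path the reply asks about, covering inbound mail only. It assumes natd's divert rule runs before the SMTP rule, so ipfw sees the redirect_port target rather than ${oip} as the destination. The interface name ed0 and the address 192.168.1.25 are constructed placeholders.

```shell
#!/bin/sh
# Added example; every address and interface name below is a constructed
# placeholder. Dry run by default: the rules are printed, not installed.
# Set fwcmd="/sbin/ipfw" in the environment to apply them.
fwcmd="${fwcmd:-echo ipfw}"
oif="ed0"              # outside interface (assumed name)
mailip="192.168.1.25"  # private address of the mail server (assumed)

# Line for the natd config: hand inbound tcp/25 arriving on the public
# address to the internal mail server.
natd_conf_line() {
    echo "redirect_port tcp ${mailip}:25 25"
}

# ipfw rules for the inbound SMTP path only.
smtp_rules() {
    # natd rewrites packets crossing the outside interface first.
    $fwcmd add divert natd all from any to any via "${oif}"
    # Packets belonging to connections that were already accepted.
    $fwcmd add pass tcp from any to any established
    # After the divert rule the destination is already ${mailip}, so the
    # canned rule written "to ${oip} 25 setup" would not match here.
    $fwcmd add pass tcp from any to "${mailip}" 25 setup
}

natd_conf_line
smtp_rules
```

Outbound mail and the public/private DNS split discussed in the reply are not covered by this sketch.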