From: patrick <gibblertron@gmail.com>
To: freebsd-questions@freebsd.org
Date: Thu, 21 Apr 2005 13:29:44 -0700
Subject: Forwarding external-bound packets internally with ipfw
Message-ID: <b043a485050421132942116800@mail.gmail.com>
List-Id: User questions <freebsd-questions.freebsd.org>

I have a few servers, and I'd like to force secondary servers to deliver mail to the primary via a private network (each server is dual-homed). Mail would be deemed "local" (destined for my LAN) by specifying a bunch of CIDRs. I would like to accomplish this using ipfw's forwarding support, but I am having a problem getting the rule right.

I first tried using ipfw forward, but after reading the man page in greater detail, it seems like this likely won't work. My next thought is to use ipfw's divert functionality in conjunction with natd, but it is not clear to me how I could tell natd to forward to the correct internal server using the redirect_port option. Ideally, I would like to maintain only one list of IP blocks. Additionally, it seems like natd wants you to define a rule per IP, which will get to be rather annoying when dealing with hundreds of IPs that could easily be classified using a mask.

An example of what I want to do follows:

Server A: public IPs: 1.2.3.0/24, private IP: 192.168.0.1
Server B: public IPs: 2.3.4.0/24, private IP: 192.168.0.2
Server C: public IPs: 3.4.5.0/24, private IP: 192.168.0.3

When Server B accepts mail destined for Server A, I would like it to route through 192.168.0.1 rather than the public IP. The same goes for if Server C accepts mail for Server A or B using the respective internal IP.

This isn't really relevant, but I'm using Postfix as my mailer. It does have an option to force a relay_host, but it will not let you differentiate destinations. This works fine with two hosts on the network, but not for three or more.

Any ideas of how I could accomplish this?

Thanks very much,
Patrick
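
The mapping described in the message, kept as one validated table of blocks, as an added example that is not part of the original post. It swaps ipfw for plain static routes via route(8), which assumes it is acceptable for all traffic to these blocks (not only mail) to use the private network; the function names are hypothetical.

```python
import ipaddress

# Constructed table, taken from the example in the message:
# public block -> private IP of the server that owns it.
BLOCKS = {
    "1.2.3.0/24": "192.168.0.1",   # Server A
    "2.3.4.0/24": "192.168.0.2",   # Server B
    "3.4.5.0/24": "192.168.0.3",   # Server C
}

def load_table(blocks):
    """Parse and validate the table; overlapping blocks are rejected
    because they would make the choice of internal next hop ambiguous."""
    table = []
    for cidr, gw in blocks.items():
        net = ipaddress.ip_network(cidr, strict=True)
        gateway = ipaddress.ip_address(gw)
        if not gateway.is_private:
            raise ValueError(f"{gw} is not a private address")
        for other, _ in table:
            if net.overlaps(other):
                raise ValueError(f"{net} overlaps {other}")
        table.append((net, gateway))
    return table

def next_hop(table, dest):
    """Return the private next hop for dest, or None when dest is in no
    listed block and should follow the normal (public) default route."""
    addr = ipaddress.ip_address(dest)
    for net, gw in table:
        if addr in net:
            return str(gw)
    return None

def route_commands(table, local_private_ip):
    """Build FreeBSD route(8) commands for every block except the one
    owned by this host (identified by its own private IP)."""
    local = ipaddress.ip_address(local_private_ip)
    return [f"route add -net {net} {gw}" for net, gw in table if gw != local]

if __name__ == "__main__":
    # Dry run for Server B: print the commands instead of executing them.
    for cmd in route_commands(load_table(BLOCKS), "192.168.0.2"):
        print(cmd)
```

The same table can be copied to every server unchanged; only the `local_private_ip` argument differs per host.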