Date: Fri, 31 Dec 1999 11:58:42 -0800 (PST)
From: Steve Lewis <nepolon@systray.com>
To: Jeff Lush <jeff@nerdpower.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD question
Message-ID: <Pine.BSF.4.05.9912311134530.3541-100000@greg.ad9.com>
In-Reply-To: <NDBBKIMGBBOBEOPLFCHIMEDHCFAA.jeff@nerdpower.com>

I'm assuming you are using /sbin/ipfw for this.

On Fri, 31 Dec 1999, Jeff Lush wrote:

> There are 2 public IPs available:
> 139.142.150.29 - assigned for mail in MX record
> 139.142.150.39 - assigned for NAT/LAN traffic
>
> Private IP scheme:
> 192.168.1.1 - mail server behind firewall
>
> ifconfig_de0="inet 139.142.150.39 netmask 255.255.255.0"
> ifconfig_de0_alias="inet 139.162.150.39 netmask 255.255.255.0"

Why are you aliasing .39? Perhaps you mean .29?

> natd_program="/bin/natd -redirect_address 192.168.1.1 139.162.150.29"

I would specify port 25 in the redirect_address option unless there is
some particular need otherwise. Only requests to .29 at port 25 will be
forwarded in this way; other packets will be caught by the default rule
(assuming you default to disallow) and there is no need to clutter your
ipfw rules.

ex: -redirect_address 192.168.1.1:25 139.162.150.29:25

> My firewall ruleset first passes everything to natd and allows for port 25
> traffic to be passed into and out of the LAN (pop3 support is only needed
> within the LAN).

You said you have done this before, so I assume you know what you are
doing in your ruleset, and have no problems getting SMTP traffic through
based on other ipfw rules.

> 1. Will this work?

Aside from the alias typo above, I believe it will w/o any changes.

> 2. Do I need to add additional comments to '-redirect_address'? Such as:
> -redirect_address 192.168.1.1 139.162.150.29 #redirect traffic to mail
> server

Your mailserver should feed data back to its default gateway, so that
NAT can be performed. You don't want to do this redirect.

> -redirect_address 0.0.0.0 139.162.150.39 #redirect traffic to LAN - Is this
> necessary? This is the function of specifying a default gateway, isn't it?

Again, no need for this redirect.

--Steve
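
A consistency check for the rc.conf lines quoted in this thread, as an added example that is not part of the original message: it reports any -redirect_address public address that no ifconfig_* line assigns, and any address assigned twice. The function names and the sample string are assumptions made for this example.

```python
import re
import shlex

# Constructed sample: the three rc.conf lines exactly as quoted in the message.
RC_CONF_AS_POSTED = '''\
ifconfig_de0="inet 139.142.150.39 netmask 255.255.255.0"
ifconfig_de0_alias="inet 139.162.150.39 netmask 255.255.255.0"
natd_program="/bin/natd -redirect_address 192.168.1.1 139.162.150.29"
'''

def parse_rc_conf(text):
    """Return {name: value} for simple NAME="value" assignments."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*(\w+)="([^"]*)"', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def interface_addresses(conf):
    """All 'inet <addr>' values from ifconfig_* variables, in file order."""
    addrs = []
    for name, value in conf.items():
        if name.startswith("ifconfig_"):
            addrs += re.findall(r"\binet\s+(\d+(?:\.\d+){3})", value)
    return addrs

def redirect_pairs(conf):
    """(local, public) from each -redirect_address option, any ':port' dropped."""
    words = shlex.split(conf.get("natd_program", "") + " " + conf.get("natd_flags", ""))
    return [(words[i + 1].split(":")[0], words[i + 2].split(":")[0])
            for i, w in enumerate(words)
            if w == "-redirect_address" and i + 2 < len(words)]

def check(text):
    """Return a list of findings; an empty list means the lines are consistent."""
    conf = parse_rc_conf(text)
    addrs = interface_addresses(conf)
    findings = [f"{a} is assigned more than once" for a in sorted(set(addrs))
                if addrs.count(a) > 1]
    for local, public in redirect_pairs(conf):
        if public not in addrs:
            findings.append(f"redirect to {local}: public address {public} "
                            f"is not assigned by any ifconfig_* line")
    return findings

if __name__ == "__main__":
    for finding in check(RC_CONF_AS_POSTED):
        print("WARNING:", finding)
```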