From: Bruce Ferrell <bferrell@baywinds.org>
To: questions@freebsd.org
Subject: Re: Mail Traffic
Date: Tue, 12 Oct 2021 09:10:58 -0700
References: <20211012080454.f14bb36b1d92b67aaf7e1c78@web.de>
List-Id: User questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On 10/12/21 8:01 AM, Tim Daneliuk via questions wrote:
>> On Tue, Oct 12, 2021 at 08:04:54AM +0200, Silvio Siefke wrote:
>>> Hello,
>>>
>>> I have a VPS as a webhost on which the ISP blocks port 25. Is there a chance
>>> to route the traffic over the VPN network?
>>>
>>> My mail server has the internal IP 192.168.0.109. I tried it with the hosts
>>> file, but it does not work.
>>>
>>> Is there a chance to make it with pf?
>>
> No. 192.168.0.x is non-routable by definition. The only way around
> this would be to have your perimeter firewall punch through stuff
> from the outside coming in on port 25 to your VPS instance. This
> is almost certainly not going to happen.
>
> A better way is to find a free/cheap external mail provider that will
> host mail for your domain. I believe namecheap.com will do it for $10 US/year
> if you use them as your domain registrar. You can then use automation on
> your FreeBSD box to poll the upstream server and pull in the inbound mail
> on a regular cadence.
>

I use pfSense with OpenVPN. The remote links all carry 192.168.xx.xx addresses. My internal network, behind my firewall, carries 192.0.2.x (old SunOS test network... still not routable, but not one of the usual RFC networks. Developers lose their minds over this). I use devices behind remote firewalls that carry 10.x.x.x and VPN back to my OpenVPN gateway. Those devices ARE reachable via the VPN link, and my 192.0.2.x network is reachable from them via the VPN link (192.168.xx.xx VPN link endpoint). So to say that the RFC networks are absolutely unroutable is slightly not accurate. Manually placing a route for an "unroutable" network is perfectly possible, if a bit odd. It's actually done all the time for commercial VPN networks (Pulse Secure, Cisco, etc.).
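A concrete form of the "manual route for a private network over the VPN link" that Bruce describes, applied to Silvio's pf question, as an added example that is not part of the thread and not anyone's posted configuration. It assumes a FreeBSD VPS whose public interface is vtnet0, an OpenVPN tunnel tun0 from the VPS to the home LAN, and the mail server at 192.168.0.109 behind that tunnel; the interface names, the 192.168.0.0/24 prefix and the service list on the public interface are all assumptions.

```pf
# /etc/pf.conf on the VPS (added example; interface names are assumptions).
# pf on FreeBSD requires macros first, then translation rules (nat/rdr),
# then filter rules, so the file is laid out in that order.

ext_if   = "vtnet0"          # assumed public interface of the VPS
vpn_if   = "tun0"            # assumed OpenVPN tunnel to the home network
home_net = "192.168.0.0/24"  # assumed home LAN prefix carried over the tunnel
mailsrv  = "192.168.0.109"   # mail server from Silvio's message

# Source-NAT SMTP that we push into the tunnel so the mail server's replies
# come back to the tunnel endpoint instead of leaving via its own default
# gateway (an asymmetric path would break the state pf keeps for the flow).
nat on $vpn_if proto tcp from any to $mailsrv port smtp -> ($vpn_if)

# Hand SMTP that reaches the VPS's public address to the private mail server.
# rdr rewrites the destination before filtering; the packet is then routed
# by the kernel, which must have a route for $home_net via $vpn_if.
rdr pass on $ext_if proto tcp from any to ($ext_if) port smtp -> $mailsrv port smtp

# Default deny, then the minimum the VPS itself needs.
block in all
pass out all keep state
pass in on $ext_if proto tcp from any to ($ext_if) port { ssh, http, https } keep state

# Only SMTP to the mail server may cross the tunnel from the VPS side;
# the home side is trusted to talk back to the VPS.
pass out on $vpn_if proto tcp from any to $mailsrv port smtp keep state
pass in  on $vpn_if from $home_net to ($vpn_if) keep state
```

Three checks before expecting this to work. First, pf only rewrites addresses: the kernel still needs a route for 192.168.0.0/24 through the tunnel (a `route 192.168.0.0 255.255.255.0` directive in the OpenVPN client configuration, or the same route added by hand), which is exactly the "manual route for an unroutable network" Bruce is talking about. Second, redirecting to a host other than the VPS itself is forwarding, so `net.inet.ip.forwarding` must be 1, and the ruleset should be checked with `pfctl -nf /etc/pf.conf` before loading. Third, if the provider filters port 25 upstream of the VPS, the rdr rule never sees a packet; in that case Tim's point stands and no amount of pf on the VPS helps, which is worth confirming with a connection attempt from outside before going further.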