From owner-freebsd-questions  Thu Oct 22 12:36:04 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA15577
          for freebsd-questions-outgoing; Thu, 22 Oct 1998 12:36:04 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from lily.ezo.net (lily.ezo.net [206.102.130.13])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA15500;
          Thu, 22 Oct 1998 12:36:01 -0700 (PDT)
          (envelope-from jflowers@ezo.net)
Received: from lily.ezo.net (jflowers@localhost.ezo.net [127.0.0.1])
	by lily.ezo.net (8.8.7/8.8.7) with SMTP id PAA07445;
	Thu, 22 Oct 1998 15:35:11 -0400 (EDT)
Date: Thu, 22 Oct 1998 15:35:11 -0400 (EDT)
From: Jim Flowers <jflowers@ezo.net>
To: Chad Thunberg <chadth@atvideo.com>
cc: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: firewall + internal mail server
In-Reply-To: <000501bdfdde$1f5f53b0$ef2376cc@tarn.atvideo.com>
Message-ID: <Pine.BSI.3.91.981022152536.5748B-100000@lily.ezo.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Just did it.  Very simple to implement NAT (natd) and use the 
redirect-port capability:

natd - interface ed0 redirect_port other_host:smtp smtp  \
-redirect_port other_host:pop3 pop3

All your other reserved addresses will be translated per usual.  Works 
like a charm with MS Exchange.

Jim Flowers <jflowers@ezo.net>
#4 ISP on C|NET, #1 in Ohio

On Thu, 22 Oct 1998, Chad Thunberg wrote:

> I am setting up a firewall and enabled natd but have an internal mail
> server.  Is there a way to still be able to access the internal mail server
> from the outside for sending and receiving email?  I thought about giving
> the firewall a vhost of mail.host.com and diverting packets that came in
> from 110 and 25 to the internal mail server but from the man pages, divert
> seems to be used for diverting packets from one port to another on the same
> machine instead of diverting them to a new or ineternal ip.  Any help on the
> subject would be great.  I would rather not put the mail server outside of
> the firewall.

good idea, although on a perimeter network with a good wrapper is even
better.

 > 
> Thanks,
> -Chad
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message