Date: Sat, 30 Sep 2000 11:59:52 +1100 (EST)
From: Rob Hurle
To: freebsd-questions@freebsd.org
Subject: natd and ipfw

Hi,

I have a problem trying to set up natd and ipfw. The basic setup is fine, but my customer wants to use his mail hub which is inside the firewall, with a private IP address (my advice is not to do this, but has not been taken). The configuration is:

    Outside world
         |
    FreeBSD box - FreeBSD 3.4, IPDIVERT, IPFIREWALL, etc
         |
    Inside network, including client's mail hub.

I am trying to route all TCP port 25 through to the mail hub by using the natd config:

    # mail is passed straight through
    redirect_port tcp 192.168.0.15:25 25
    # log
    log yes
    # use sockets - ftp works better
    use_sockets yes
    # try to keep the same ports
    same_ports yes

(I am using a config file for natd). The relevant ipfw rules are:

    00100 1579 85136 divert 8668 ip from any to any via xl0
    01200    0     0 allow log logamount 100 tcp from any 25 to any 25 setup

(from an `ipfw show` command)

Trying a telnet to port 25 on the outside interface times out with nothing logged, but if I remove the "redirect" in the natd config file, this is fine, I leap into my firewall box. What am I not understanding? Any help would be appreciated.

Thanks to all,

Rob Hurle

----------------------------------------------------------
Rob Hurle                   rob@coombs.anu.edu.au
Connect-A                   Tel: +61 2 6247 2397
PO Box 13                   Fax: +61 2 6248 8905
Ainslie ACT 2602            Mobile: 0417 293 603
Australia
----------------------------------------------------------
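
An added example, not part of the original message: a simplified Python model of how ipfw reads the port positions in rule 01200 and of the inbound rewrite that `redirect_port` performs, to check which packets that rule can match. The client and outside addresses, rule 1250 and all class and function names are constructed for illustration.

```python
# Added illustration (not from the post): a simplified model of ipfw port matching
# and of natd's redirect_port rewrite. Addresses marked "constructed" are made up.
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class TcpRule:
    number: int
    sport: Optional[int] = None  # port written after the "from" address
    dst: Optional[str] = None    # "to" address; None means "any"
    dport: Optional[int] = None  # port written after the "to" address

    def matches(self, p: Packet) -> bool:
        return (self.sport in (None, p.sport)
                and self.dst in (None, p.dst)
                and self.dport in (None, p.dport))

def redirect_port(p: Packet, target_ip: str, target_port: int, alias_port: int) -> Packet:
    """Inbound half of 'redirect_port tcp targetIP:targetPORT aliasPORT'."""
    if p.dport == alias_port:
        return replace(p, dst=target_ip, dport=target_port)
    return p

def first_match(rules, p: Packet) -> Optional[int]:
    """Return the number of the first rule matching p, or None."""
    return next((r.number for r in rules if r.matches(p)), None)

# Rule 01200 from the post: allow tcp from any 25 to any 25 setup
RULE_1200 = TcpRule(1200, sport=25, dport=25)
# Hypothetical comparison rule: allow tcp from any to 192.168.0.15 25 setup
RULE_HUB = TcpRule(1250, dst="192.168.0.15", dport=25)

# Constructed SYN from an outside SMTP client to the firewall's outside address.
inbound = Packet("203.0.113.7", 40000, "198.51.100.1", 25)
translated = redirect_port(inbound, "192.168.0.15", 25, 25)

if __name__ == "__main__":
    for label, pkt in (("before natd", inbound), ("after natd", translated)):
        print(label, pkt, "-> first matching rule:",
              first_match([RULE_1200, RULE_HUB], pkt))
```

In this model rule 01200 matches only packets whose source port is also 25, which is consistent with the zero counters in the `ipfw show` output.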