From owner-freebsd-questions Sat Sep 30 0:57:40 2000
Date: Sat, 30 Sep 2000 00:57:24 -0700
From: "Crist J . Clark"
To: Rob Hurle
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd and ipfw
Message-ID: <20000930005724.S81242@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
In-Reply-To: ; from rob@coombs.anu.edu.au on Sat, Sep 30, 2000 at 11:59:52AM +1100

On Sat, Sep 30, 2000 at 11:59:52AM +1100, Rob Hurle wrote:
> Hi,
>
> I have a problem trying to set up natd and ipfw. The basic setup
> is fine, but my customer wants to use his mail hub which is inside the
> firewall, with a private IP address (my advice is not to do this, but has
> not been taken). The configuration is:
>
>     Outside world
>          |
>     FreeBSD box - FreeBSD 3.4, IPDIVERT, IPFIREWALL, etc
>          |
>     Inside network, including
>     client's mail hub.
>
> I am trying to route all TCP port 25 through to the mail hub by using the
> natd config:
>
>     # mail is passed straight through
>     redirect_port tcp 192.168.0.15:25 25
>     # log
>     log yes
>     # use sockets - ftp works better
>     use_sockets yes
>     # try to keep the same ports
>     same_ports yes
>
> (I am using a config file for natd). The relevant ipfw rules are:
>
>     00100 1579 85136 divert 8668 ip from any to any via xl0
>     01200    0     0 allow log logamount 100 tcp from any 25 to any 25 setup
                                                              ^^

The incoming SMTP connection will not be coming from 25. And I assume
there are some more rules that you

> (from an `ipfw show` command)
>
> Trying a telnet to port 25 on the outside interface times out with nothing
> logged, but if I remove the "redirect" in the natd config file, this is
> fine, I leap into my firewall box.
>
> What am I not understanding? Any help would be appreciated.

Hmmm... But if that is the rule you are using above, you really should
not be having success connecting to the firewall box... And what the
heck kind of firewall box is running a SMTP listener? On a firewall,

  sendmail_enable="NO"

Fer sure.
--
Crist J. Clark                           cjclark@alum.mit.edu
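An added illustration (not code from the thread or from FreeBSD) of the point made in the reply: a minimal ipfw-style matcher evaluates the posted rule 01200 and a variant without the source-port constraint against a constructed inbound SMTP SYN, as the rule would see it after natd has rewritten the destination to the inside mail hub. The packet's addresses and ephemeral port are constructed sample values.

```python
"""Minimal model of ipfw-style rule matching (an added illustration, not
FreeBSD code). It shows why the posted rule 'allow tcp from any 25 to any
25 setup' never matches an inbound SMTP connection: the remote client's
source port is an ephemeral port, not 25, so the rule's hit count stays 0."""
import re
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn_only: bool = False   # True only for the initial SYN ("setup" packets)

_RULE = re.compile(r"^(allow|deny)\s+(\w+)\s+from\s+(\S+)(?:\s+(\d+))?"
                   r"\s+to\s+(\S+)(?:\s+(\d+))?(\s+setup)?$")

def parse_rule(text: str) -> dict:
    """Parse the subset: action proto from src [port] to dst [port] [setup]."""
    m = _RULE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {text!r}")
    action, proto, src, sport, dst, dport, setup = m.groups()
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "sport": int(sport) if sport else None,
            "dport": int(dport) if dport else None, "setup": bool(setup)}

def matches(rule: dict, pkt: Packet) -> bool:
    """True when the packet satisfies every field the rule constrains."""
    if rule["proto"] not in ("ip", pkt.proto):
        return False
    for key, have in (("src", pkt.src), ("dst", pkt.dst)):
        if rule[key] != "any" and rule[key] != have:
            return False
    for key, have in (("sport", pkt.sport), ("dport", pkt.dport)):
        if rule[key] is not None and rule[key] != have:
            return False
    return not rule["setup"] or pkt.syn_only

# Constructed sample: an outside MTA's SYN as seen *after* the divert rule,
# i.e. once natd has rewritten the destination to the inside mail hub.
INBOUND_SYN = Packet("tcp", "203.0.113.9", 40123, "192.168.0.15", 25, True)
AS_POSTED = "allow tcp from any 25 to any 25 setup"        # rule 01200 in the thread
CORRECTED = "allow tcp from any to 192.168.0.15 25 setup"  # constrain only the server side

if __name__ == "__main__":
    for text in (AS_POSTED, CORRECTED):
        hit = matches(parse_rule(text), INBOUND_SYN)
        print(f"{text!r:50} -> {'match' if hit else 'no match'}")
```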