From: "SNF"
To: "Brian Whalen", "SNF"
Cc: "Freebsd-Questions"
Subject: RE: IPFW/NATD - forward all port 25, 110, 143 connections to an internal 10 series server
Date: Fri, 21 Sep 2001 17:43:16 -0500

woops... Wasn't typing what I was thinking.

> -----Original Message-----
> From: Brian Whalen [mailto:bri@sonicboom.org]
> Sent: Friday, September 21, 2001 5:20 PM
> To: SNF
> Cc: Freebsd-Questions
> Subject: Re: IPFW/NATD - forward all port 25, 110, 143 connections to an internal 10 series server
>
> pop is 110, smtp is 25.
>
> Brian "Sonic" Whalen
> Success = Preparation + Opportunity
>
> On Fri, 21 Sep 2001, SNF wrote:
>
> > Hi,
> >
> > I currently have a FreeBSD 4.3 machine that is running ipfw and natd.
> > Two physically separate interfaces are installed on the machine
> > providing an interior 10. series network with access to the external
> > world (internet). My provider only provides us with one IP and 5 more
> > would double my monthly costs. So, I need to use that one IP for dns,
> > email and web serving... I have a qmail server set up with a private
> > address on the inside and would like to forward all port 25, 110 and
> > 143 connections coming to the outside interface (24.159.225.186) to
> > that server (10.10.20.40). The crux that I see is that I still need
> > to allow normal client access (from that 10.20.20 network) to email
> > servers outside of my network. So, if someone from the inside wants
> > to go to pop.mail.yahoo.com or smtp.mail.yahoo.com, I would like that
> > connection to be forwarded to the server (as it has been and has been
> > working since I set up the gateway/firewall/natd box). On the other
> > hand, when someone tries to access port 25, 110 or 143 specifically
> > on 24.159.225.186, I would like to have that forwarded to
> > 10.10.20.40. I have to recompile my kernel to add the
> > IPFIREWALL_FORWARD option and I'm simply not sure how to set up the
> > rule correctly. Would something along the lines of
> >
> > (for pop)
> > ${fwcmd} add forward tcp from 24.159.225.186 25 to 10.10.20.40 25 via 10.10.20.1
> >
> > or is there going to be much more needed? (All connections from the
> > inside are allowed to outgoing machines, so I didn't think I would
> > need the opposite of this rule allowing the return connection from
> > 10.10.20.40 to be set up in a rule.) Or, is this something that would
> > be more appropriately done using a different type of rule? I will
> > eventually want to do the same thing with a web server or two...
> >
> > Thanks in advance,
> > SF