Date:      Thu, 16 Dec 1999 12:20:29 -0700
From:      "Scott Worthington" <SWorthington@hsag.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   Proper use of natd for mail (port 25)...
Message-ID:  <s858d921.054@internal.hsag.com>

I currently use qmail on my firewall as an smtp proxy.

I'd like to remove qmail and use natd to have Internet servers connect
_directly_ to the private smtp server (due to strangely
corrupted e-mails...another issue).
...(and have the private smtp server connect to Internet servers...)

My idea was to use natd and redirect the port on the public interface
to the private interface.  I've found numerous how-to's and much information
from grog's book (a very good reference, I might add).

The problem is I cannot connect to the private server on port 25 from
an external public ip (Internet) machine.
I _can_ connect via telnet from the firewall to the private server on port
25, so I reason it is not the firewall rules--in fact the rules are currently
wide-open for testing.

I am requesting another set of eyes for help in determining what I am
missing.  A Xmas gift will be on its way in return :).  Here are the details.

This is FreeBSD 3.4-RC.

kernel has been compiled with:
options	IPFIREWALL
options	IPDIVERT

BTW, the kernel boots with:
IP packet filtering initialized, divert enabled, rule-based forwarding disabled,
logging limited to 100 packets/entry by default

Question: What does 'rule-based forwarding disabled' mean?  Is there
a kernel option for it?

An excerpt of /etc/rc.conf has:
natd_enable="YES"
natd_interface="fxp0"
natd_options="-f /etc/natd.conf"
gateway_enable="YES"

defaultrouter has been set (and works, that is, I can browse sites and
DNS works as well from the firewall)

/etc/natd.conf contains:
log yes
#next is for testing
verbose yes
redirect_port tcp 192.168.83.9:25 25
redirect_port udp 192.168.83.9:25 25

My /etc/rc.firewall _only_ has (for testing purposes):
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via fxp0
/sbin/ipfw add pass all from any to any

The outside (public) interface is fxp0, and the inside (private) interface
is fxp1.

When I go to another machine and telnet to the public interface at
port 25, the firewall and natd indicate:

In [TCP] [TCP] requesting_machine_ip:1079 -> public_interface_ip:25 \
aliased to
[TCP] requesting_machine_ip:1079 -> 192.168.83.9:25

Okay, that looks good, but the telnet 'requesting_machine' never connects
to private machine serving smtp.  I can, though, telnet from the firewall to
192.168.83.9 on port 25.

After reading all the mail archives at freebsd.org, man page on natd, and
how-tos and so on, I thought I got it right. Am I using natd incorrectly?

I assume I have not held-my-tongue-just-right while standing on one-leg
while typing, chanting wizard spells, and crossing-my-eyes.

Any help would be greatly appreciated.

Thanks.
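An added diagnostic, not part of the post and not natd's own code: it parses natd verbose translation records in the layout quoted above and lists inbound connections for which no reply was ever seen passing back out through natd, which is what a redirect that only works in one direction looks like in the log. The sample log, addresses and ports are constructed; the record layout is assumed to match the excerpt in the post.

```python
import re

# Constructed natd "verbose" sample laid out like the excerpt in the post
# (first record wrapped across lines).  The first connection is translated
# both ways; the second shows only the inbound half, the symptom above.
SAMPLE_LOG = r"""
In [TCP] [TCP] 203.0.113.7:1079 -> 198.51.100.2:25 \
aliased to
[TCP] 203.0.113.7:1079 -> 192.168.83.9:25
Out [TCP] [TCP] 192.168.83.9:25 -> 203.0.113.7:1079 aliased to [TCP] 198.51.100.2:25 -> 203.0.113.7:1079
In [TCP] [TCP] 203.0.113.9:2231 -> 198.51.100.2:25 aliased to [TCP] 203.0.113.9:2231 -> 192.168.83.9:25
"""

RECORD_RE = re.compile(
    r"^(?P<dir>In|Out) \[(?P<proto>TCP|UDP)\] \[\w+\] "
    r"(?P<src>\S+) -> (?P<dst>\S+) aliased to \[\w+\] "
    r"(?P<asrc>\S+) -> (?P<adst>\S+)$"
)

def _records(text):
    """Yield one record per translation; a line not starting with
    'In ' or 'Out ' is a wrapped continuation of the previous one."""
    current = []
    for raw in text.splitlines():
        line = raw.strip().rstrip("\\").strip()
        if not line:
            continue
        if line.startswith(("In ", "Out ")) and current:
            yield " ".join(current)
            current = []
        current.append(line)
    if current:
        yield " ".join(current)

def parse_natd_log(text):
    """Return a dict per translation record; unparseable records are skipped."""
    matches = (RECORD_RE.match(rec) for rec in _records(text))
    return [m.groupdict() for m in matches if m]

def half_translated_flows(entries):
    """Inbound flows whose reply never came back through natd: the internal
    host's reply should appear as an 'Out' record with src/dst equal to the
    inbound record's aliased dst/src (before the reply is itself aliased)."""
    replies = {(e["proto"], e["src"], e["dst"]) for e in entries if e["dir"] == "Out"}
    return [(e["src"], e["adst"]) for e in entries
            if e["dir"] == "In" and (e["proto"], e["adst"], e["asrc"]) not in replies]
```

A client/server pair reported by `half_translated_flows` means natd aliased the inbound SYN but never saw the internal host's reply, so the reply is being routed or filtered around the divert rule rather than being a natd problem.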


