Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Nov 2000 17:22:15 -0600
From:      Hamilton Hoover <hamilton@twopoint.com>
To:        Daniel Podolsky <daniel.podolsky@twelvehorses.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: dual homed gateway system running ipfw and nat. need rules help.
Message-ID:  <3A19B227.F1CF7F31@twopoint.com>
References:  <856E94D34FF3D311B5FE00508B6B8BD22A34F9@BlackWidow.twelvehorses.int>
next in thread | previous in thread | raw e-mail | index | archive | help 

Daniel Podolsky wrote:
> 
> Hi,
> 
> >>>${fwcmd} pass tcp from any 25 to 192.x.x.x
> Will not work because nobody in internet know how to reach your private
> addresses.
>

The public MX record point mail to the firewall. I want the firewall to
take mail and pass to internal (private) server.

> As far as I can understand you have a mail server inside and you would like
> incoming mail to be delivered to this server. Is it quite?

yes

> Also you would like to use your qmail inside as a outgoing server for your
> mail clients.  Is it quite?

yes

> 
> The simple and finest solution is to configure your gateway as a mail relay.
> Gateway should receive you mail and forward it to your inside server. Also
> gateway should receive mails from inside and relay it to Internet. Use
> "mailertable" feature for sendmail or "smtproutes" for qmail. Do not forget
> to allow corresponding traffic in a IPFW.
> something like
> allow tcp from any to <YourPublicAddress> 25
> allow tcp from <YourPublicAddress> to any 25
> Please do nor hesitate to ask again if something unclear.
> 
> Also you can comfigure your gateway for divetr incoming packets to port 25
> to you inside mail server but it is more sophisticated...

I would like to use some combination of ipfw and NAT to get the mail to
the right place.

I have so far made the ipfw rule.

pass tcp from any 25 to <internalmailserver>

thinking that this would do the trick. It has had no effect.

I also added a rule to natd.conf

redirect_port tcp <internalmailserver> 25 <publicfirewall> 25

But I am unsure if this is correct and I havn't found any useful
information on the correct syntax for natd.conf

Hamilton Hoover


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A19B227.F1CF7F31>