From owner-freebsd-questions@FreeBSD.ORG Sun Oct 31 22:49:14 2004
From: Christian Hiris <4711@chello.at>
To: freebsd-questions@freebsd.org
cc: Bill Eccles
Date: Sun, 31 Oct 2004 23:48:32 +0100
Subject: Re: ipfw configuration to intercept SMTP traffic
Message-Id: <200410312349.08193.4711@chello.at>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 31 October 2004 21:39, Bill Eccles wrote:
> Gentleones,
>
> I have a commercial website/mail product running on a box. Unfortunately,
> the product is not so smart and when it needs to bounce something, it
> ignores the SMTP "Always Relay Via" setting and attempts to connect
> directly to the mail exchanger for the domain it's bouncing to.
>
> So what I figure I can do is redirect port 25 of "me" to any to port 25 of
> the upstream server at aa.bb.cc.dd. That makes sense, right? So I'd
> probably use:

You mean redirect [from me to any destination-port 25] to upstream server
aa.bb.cc.dd port 25?
> ipfw add 8000 divert 25 all from me to aa.bb.cc.dd via en0

Your rule seems to be wrong. It uses port 25 to set up the divert socket,
and matches all source ports. The divert-socket default port is 8668 (natd).

ipfw add 8000 divert natd all from me to any 25 via en0

Are you running natd on your machine? Natd reads/writes the packets from/to
the divert socket and changes IP address and port number as defined by natd
options or in your natd.conf file. In your case I would run natd with the
option '-proxy_rule port 25 server aa.bb.cc.dd:25'. Natd setup is
documented in 'man 8 natd'.

HTH,
ch

- --
Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x3BCA53BE
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBhWvk09WjGjvKU74RAh6VAJ9H6yEohPLFCBSRdJ+SNDA3nOycrACfaVqo
C4tHUn2wstlv22ktbSCaFKU=
=4jCL
-----END PGP SIGNATURE-----
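The divert-plus-natd setup described in the reply, written out as an added example (this is not code posted by either participant in the thread). It generates a natd.conf with the proxy_rule, and the matching ipfw divert rules, and applies them only when explicitly asked. The interface name en0, the relay address aa.bb.cc.dd, the rule numbers 8000/8001 and the path /etc/natd-smtp.conf are placeholders assumed for the example. Two points the thread does not spell out are built in: natd has to see both directions of the connection (the outgoing SYN so the destination can be rewritten to the relay, and the relay's replies so their source can be rewritten back), so there are two divert rules rather than one; and proxy_only keeps this natd instance from also masquerading unrelated traffic.

```shell
#!/bin/sh
# Added example, not from the original mail: redirect every outbound SMTP
# connection from this host to one upstream relay with ipfw divert + natd.
# IFACE, RELAY, RULENUM and NATD_CONF are assumed placeholders.

IFACE="${IFACE:-en0}"            # outside interface the mail product sends on
RELAY="${RELAY:-aa.bb.cc.dd}"    # upstream relay that must receive all SMTP
RULENUM="${RULENUM:-8000}"       # divert rule number; must come before any
                                 # rule that would already accept the packet
NATD_CONF="${NATD_CONF:-/etc/natd-smtp.conf}"

# natd.conf contents. 'proxy_rule port 25 server RELAY:25' rewrites the
# destination of every TCP segment natd receives with dst port 25.
# 'proxy_only yes' stops natd from also translating source addresses, so
# this instance does nothing but the SMTP redirect (see natd(8)).
natd_conf() {
    printf 'interface %s\nproxy_only yes\nproxy_rule port 25 server %s:25\n' \
        "$IFACE" "$RELAY"
}

# ipfw rules, one per direction. natd must see the outgoing SYN (destination
# rewritten to RELAY) and the replies from RELAY (source rewritten back to
# the MX address the application believes it connected to). A divert rule
# that only matches one direction leaves the handshake half-open.
# 'natd' as the divert port resolves via /etc/services to 8668.
ipfw_rules() {
    printf 'add %s divert natd tcp from me to any 25 out via %s\n' \
        "$RULENUM" "$IFACE"
    printf 'add %s divert natd tcp from %s 25 to me in via %s\n' \
        "$((RULENUM + 1))" "$RELAY" "$IFACE"
}

# Write the config, start natd on it, load the rules. Needs root on the
# FreeBSD host; packets re-injected by natd continue at the rule after the
# divert rule, so the rules that follow must still permit the traffic.
apply_config() {
    natd_conf > "$NATD_CONF"
    natd -f "$NATD_CONF"
    ipfw_rules | while read -r rule; do
        # shellcheck disable=SC2086  # word splitting is the intent here
        ipfw -q $rule
    done
}

# Per-rule packet counters: both should climb when the product bounces mail.
verify_config() {
    ipfw -a list "$RULENUM" "$((RULENUM + 1))"
}

case "${1:-show}" in
    apply)  apply_config ;;
    verify) verify_config ;;
    *)      natd_conf; echo; ipfw_rules ;;   # default: print, change nothing
esac
```

Run it with no argument to review the generated configuration, `apply` as root to install it, and `verify` afterwards to confirm that both divert rules are counting packets; a first rule that counts while the second stays at zero means the return path from the relay is not reaching natd.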