Date: Mon, 20 Nov 2000 12:32:08 -0600
From: Hamilton Hoover <hamilton@twopoint.com>
Organization: Two Point Conversions, INC.
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>,
	"freebsd-questions@FreeBSD.ORG" <freebsd-questions@freebsd.org>
Subject: dual homed gateway system running ipfw and nat. need rules help.

Hi all,

I am running a dual-homed system (2 NICs) acting as a gateway/firewall
for our office T1. The private net uses 192.x.x.x and the public uses a
'real' address of 209.x.x.x. The firewall is up and seems to be working
well. I used rc.firewall "simple" and have customized it to our needs.
All outgoing requests appear to be originating from the public
interface. I want to be able to do two things that I have not been able
to figure out yet.

1) We keep our POP server on the private net. I need to be able to get
the incoming mail passed to the mail server that has a 192.x.x.x
address. I was thinking something like:

${fwcmd} pass tcp from any 25 to 192.x.x.x

Is this solid, or am I opening myself up to more problems? I don't want
to relay from outside, as mail is only checked from inside the private
side.

2) We want to be able to use the gateway/firewall as a PPTP server.
After asking a few questions I decided to go with mpd. I have installed
this and that seems OK. But I also need a rule to allow the incoming
connection from the public net. All connections will be coming from home
users running Win9x who have static 'real' IP addresses. Also, as I have
never used mpd or set up a VPN, any suggestions on this setup would be
wonderfully helpful.

Hamilton Hoover
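One way to write both rules in the rc.firewall style the post uses, as an added example that is not Hamilton's configuration or FreeBSD's own rc.firewall; the interface name, the addresses, the client list and the natd redirect line are placeholders and assumptions, and with fwcmd left unset the script only prints the rules for review.

```shell
#!/bin/sh
# Added example, not from the original post. Set fwcmd=ipfw on the
# gateway; the default below only echoes the rules so they can be reviewed.
fwcmd=${fwcmd:-"echo ipfw"}

oif="fxp0"                 # assumed public interface name
oip="209.0.0.1"            # placeholder public address of the gateway
mailhost="192.168.1.10"    # placeholder internal POP/SMTP server
vpnusers="198.51.100.7 198.51.100.9"  # placeholder static home-user IPs

# 1) Inbound mail. The address rewrite is natd's job, not ipfw's, e.g.:
#      natd -n ${oif} -redirect_port tcp ${mailhost}:25 25
#    After the divert rule has rewritten the destination, ipfw only has
#    to let new connections to the mail host's port 25 through.
#    Note that "from any 25" would match *source* port 25, not destination.
mail_rules() {
    ${fwcmd} add pass tcp from any to ${mailhost} 25 in via ${oif} setup
}

# 2) PPTP (mpd): the control channel is TCP 1723 and the tunnel itself
#    is GRE (IP protocol 47), which must be allowed in both directions.
#    Since the clients have static addresses, accept only from those.
pptp_rules() {
    for u in ${vpnusers}; do
        ${fwcmd} add pass tcp from ${u} to ${oip} 1723 in via ${oif} setup
        ${fwcmd} add pass gre from ${u} to ${oip} in via ${oif}
        ${fwcmd} add pass gre from ${oip} to ${u} out via ${oif}
    done
}

# The firewall rule only decides which host port 25 traffic may reach;
# whether outsiders can relay through that host is decided by the MTA's
# own relay configuration and has to be checked there.
mail_rules
pptp_rules
```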

