From owner-freebsd-questions@FreeBSD.ORG Mon Nov 1 17:01:18 2004
From: Bill Eccles
Date: Mon, 1 Nov 2004 12:01:00 -0500
To: Aaron Nichols
cc: freebsd-questions@freebsd.org
Subject: Re: ipfw configuration to intercept SMTP traffic
Message-Id: <9B6D4C6C-2C27-11D9-A4D5-000D932C81E8@Eccles.net>
References: <200410312349.08193.4711@chello.at>

Actually, the original question contains the tidbit that the machine doing the serving is also the problem child, i.e., all of the traffic that I need to redirect is being produced on the same box from that box's SMTP server.

Thanks for the explanation, though. Low-level TCP stuff is not my forte... yet.

Bill

On Nov 1, 2004, at 11:27 AM, Aaron Nichols wrote:

>> I believe you'll have one additional problem to resolve. Even if you
>> successfully modify the destination IP address and get it pointed to
>> the upstream server, the source IP will be unmodified and will still
>> be the originator. Since the source IP is unmodified, the upstream
>> mail server will send an ACK back to the originator's IP (not yours),
>> which will most likely get discarded and the connection will fail.
>> Most sane TCP/IP stacks will reject an ACK from an IP address to which
>> it did not send a request. Since the ACK is not going to run back
>> through your host (thus allowing natd another go at reversing the
>> translation) this likely won't work.
>
> Sorry all - I had missed the post regarding use of the -proxy_rule
> option, which may address this issue.
>
> Didn't mean to further confuse the issue.
>
> Aaron
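The point Aaron raises, and Bill's reply that it does not bite when the redirected SMTP traffic originates on the natd host itself, can be traced with a small flow-table model. This is an added illustration written for this archive page, not code from the thread or from natd; all addresses are constructed, and the translator is a deliberately simplified stand-in for natd's behaviour.

```python
# Trace a SYN / SYN-ACK pair through a redirecting host to show when a
# destination-only rewrite of port 25 breaks the connection and when it works.
from dataclasses import dataclass, replace

GATEWAY = "203.0.113.1"     # constructed: host running ipfw + natd
LAN_HOST = "192.168.1.20"   # constructed: client behind the gateway
UPSTREAM = "198.51.100.25"  # constructed: upstream SMTP relay
ORIG_DST = "198.51.100.99"  # constructed: where the client tried to connect


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatHost:
    """Simplified natd-like translator keyed on the translated (src, sport)."""

    def __init__(self, rewrite_source: bool):
        self.rewrite_source = rewrite_source
        self.flows = {}  # translated (src, sport) -> original outbound packet

    def outbound(self, p: Packet) -> Packet:
        # Redirect anything bound for port 25 to the relay (proxy_rule-style).
        out = replace(p, dst=UPSTREAM) if p.dport == 25 else p
        if self.rewrite_source and out.src != GATEWAY:
            out = replace(out, src=GATEWAY)  # masquerade behind the gateway
        self.flows[(out.src, out.sport)] = p
        return out

    def inbound(self, p: Packet) -> Packet:
        orig = self.flows.get((p.dst, p.dport))
        if orig is None:
            return p  # no state for this reply: delivered untranslated
        return replace(p, src=orig.dst, dst=orig.src)


def reply_delivered(rewrite_source: bool, client: str) -> bool:
    """True if the relay's SYN-ACK matches the SYN the client actually sent."""
    nat = NatHost(rewrite_source)
    syn = Packet(client, 40000, ORIG_DST, 25)
    on_wire = nat.outbound(syn)
    synack = Packet(on_wire.dst, 25, on_wire.src, on_wire.sport)
    # The reply only passes back through natd if it is addressed to the gateway.
    if synack.dst == GATEWAY:
        synack = nat.inbound(synack)
    # The client's stack accepts the SYN-ACK only if it mirrors its own SYN.
    expected = (syn.dst, syn.dport, syn.src, syn.sport)
    return (synack.src, synack.sport, synack.dst, synack.dport) == expected
```

Running `reply_delivered` for a LAN client with a destination-only rewrite reproduces the failure Aaron describes, while masquerading the source, or originating the traffic on the gateway as in Bill's case, lets the reverse translation happen.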