Date: Sun, 23 Apr 2000 14:24:47 -0400
From: "Crist J. Clark"
To: Alfred Perlstein
Cc: Ron Smith, freebsd-security@FreeBSD.ORG
Subject: Re: Using proxys with ipfw
Message-ID: <20000423142447.E70371@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <20000421175830.78962.qmail@hotmail.com> <20000421114110.D10782@fw.wintelcom.net>
In-Reply-To: <20000421114110.D10782@fw.wintelcom.net>; from bright@wintelcom.net on Fri, Apr 21, 2000 at 11:41:10AM -0700

On Fri, Apr 21, 2000 at 11:41:10AM -0700, Alfred Perlstein wrote:
> * Ron Smith [000421 11:28] wrote:
> > Hello All,
> >
> > I'm trying to determine if it's possible to implement smtp/pop, ftp, and www
> > proxies with ipfw rules in place. If it is possible, which proxy software
> > would be the best to use. I have a dual-homed gateway with ipfw rules in
> > place. Everything works great, but I only have access to and from the
> > Internet with NAT, at this point. I would like to add the ability to access
> > a mail server behind a firewall from the outside world. I would also like to
> > do the same for www and ftp services as well. Any pointers?
>
> I'm pretty sure both ipfw and natd offer a "forward port" option,
> just check out the docs, it should be there. I would try the ipfw
> stuff first as it's probably more efficient.

No. The 'forward' in ipfw(8) is not meant to be used in this way. Since
the original poster seems to be already using natd(8), have a look at
'redirect_port' on the natd(8) manpage.
-- 
Crist J. Clark                           cjclark@home.com
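
Added example, not part of the original message or of anyone's posted configuration: a natd.conf fragment using redirect_port to publish SMTP, POP3 and HTTP servers behind the gateway, with the matching ipfw rules shown as comments. The interface name ed0, the 192.168.1.x addresses and the rule numbers are assumptions made for illustration.

```conf
# /etc/natd.conf  (constructed example; interface and addresses are assumed)

# External interface of the dual-homed gateway.
interface ed0

# Keep source ports unchanged where possible and bind a socket for each
# aliased connection, so translated ports cannot collide with local ones.
same_ports yes
use_sockets yes

# redirect_port proto targetIP:targetPORT aliasPORT
# Only the listed ports are reachable from outside. Each line forwards one
# service to one internal host; nothing else on that host is exposed.
redirect_port tcp 192.168.1.10:25  25     # SMTP -> internal mail server
redirect_port tcp 192.168.1.10:110 110    # POP3 -> internal mail server
redirect_port tcp 192.168.1.11:80  80     # HTTP -> internal web server

# Matching ipfw rules (typed at the shell or placed in the firewall script).
# A packet re-injected by natd continues at the rule after the divert rule,
# and by then its destination is the INTERNAL address, so the allow rules
# must name 192.168.1.x rather than the gateway's public address.
#
#   ipfw add 500 divert natd all from any to any via ed0
#   ipfw add 600 allow tcp from any to any established
#   ipfw add 610 allow tcp from any to 192.168.1.10 25,110 in via ed0 setup
#   ipfw add 620 allow tcp from any to 192.168.1.11 80 in via ed0 setup
#
# Any inbound connection attempt not matched by 610/620 should fall through
# to a deny rule, so a redirect_port line added later without a matching
# allow rule stays closed by default.
```

After editing the file, natd has to be restarted with -f /etc/natd.conf for the redirects to take effect.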