From: James Housley
Date: Fri, 25 Jun 2004 15:30:11 -0400
To: "Gustavo A. Baratto"
Cc: freebsd-isp@freebsd.org
Subject: Re: ipfw and mail

On Jun 25, 2004, at 2:00 PM, Gustavo A. Baratto wrote:

> Hello guys,
>
> some of our users' ISPs don't allow them to use port 25, so they
> cannot use our mail server.
>
> I want to open a new port (2525) and forward all packets from 2525 to
> 25, so they can use mail.
>
> I tried this in IPFW:
> 0100 119649 44772439 allow tcp from any to me dst-port 25 keep-state
> 0200      0        0 divert 25 ip from any to me dst-port 2525 keep-state
> 0300 103075 35531648 allow ip from me to any keep-state
> 0400     60     4530 deny log ip from any to any
>
> If I telnet directly to port 25, I can get the prompt, but if I telnet
> to port 2525, I get a connection refused.
>
> What should I do in ipfw to forward port 2525 to port 25 transparently?
>

I have done that with natd and ipfw. I think you want a forward rule instead of divert.

Jim
-- 
/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
 X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
Do not meddle in the affairs of dragons, for you are crunchy and taste
good with ketchup.