From owner-freebsd-net Tue Nov 21 6:56:28 2000
Delivered-To: freebsd-net@freebsd.org
Received: from rapidnet.com (rapidnet.com [205.164.216.1]) by hub.freebsd.org (Postfix) with ESMTP id A0DC237B4D7 for ; Tue, 21 Nov 2000 06:56:23 -0800 (PST)
Received: from localhost (nick@localhost) by rapidnet.com (8.9.3/8.9.3) with ESMTP id HAA96987; Tue, 21 Nov 2000 07:55:01 -0700 (MST)
Date: Tue, 21 Nov 2000 07:54:55 -0700 (MST)
From: Nick Rogness
To: Hamilton Hoover
Cc: "freebsd-net@freebsd.org"
Subject: Re: dual homed gateway system running ipfw and nat. need rules help.
In-Reply-To: <3A19B06B.1D5D9041@twopoint.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 20 Nov 2000, Hamilton Hoover wrote:

> > > > > 1) We keep our pop server on the private net. I need to be able to
> > > > > get the incoming mail passed to the mail server that has a 192.x.x.x
> > > > > address. I was thinking something like:
> > > >
> > > > Incoming from the outside or inside?
> > >
> > > Incoming from the public net.
> >
> > Do you have a NAT translation setup for that machine?
> > If not see below.
>
> I have made a change to natd.conf as you list below. I am unsure if the
> syntax is correct.
>
> redirect_port tcp 192.x.x.x:25 209.x.x.x:25
>
> I'm thinking that this will pass the mail from the external (public)
> interface of the NATed system to the mailserver at 192.x.x.x on the
> private side. yes?

Yes this is correct!

> That's the thing. I don't want public access to the mail server. I just
> want the incoming mail from the public side to get passed through the
> firewall to the mailserver on the private side.

Then all you need is the redirect_port statement.

> By divert rule do you mean the addition to natd.conf, or is there a
> divert I need to put into my firewall script as well as the add pass
> tcp 25 from any to 192.x.x.x?
>
> > Another question... Do you want clients from the outside to check
> > their mail via POP (or IMAP)?
>
> No, mail should only be checked from the private side but, on the inside,
> we use POP.

[snip]

> I looked in the natd man pages and didn't see an example of
> redirect_port.

man 8 natd. It's in there.

> > You can use redirect_port in the same way.
> >
> > Then set your MX record (public) to point to the above outside IP.
>
> The public MX record points to a name that has an alias. The alias points
> to the firewall. The alias is also the machine name of the mailserver on
> the inside.

I would change the MX record to correspond to the redirect_port statement's PUBLIC IP.

Nick Rogness
- Drive defensively. Buy a tank.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
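The pieces the thread discusses (the natd.conf redirect_port line, the ipfw divert rule the poster asked about, and the pass rule for port 25 to the internal server), put together as an added example script that is not from the thread or from either poster. The interface name and the addresses are placeholder assumptions; the point shown is that only port 25 gets a translation and that the divert rule has to run before the pass rule.

```sh
#!/bin/sh
# Added example (not from the thread). EXT_IF, PUBLIC_IP and MAIL_IP are
# placeholder assumptions: set them to match the gateway before applying.
EXT_IF="${EXT_IF:-fxp0}"                 # public-side interface
PUBLIC_IP="${PUBLIC_IP:-203.0.113.25}"   # gateway's public address (TEST-NET placeholder)
MAIL_IP="${MAIL_IP:-192.168.1.25}"       # internal mail server (constructed private address)

# natd.conf: redirect only tcp/25. POP and IMAP get no translation at all,
# so they stay reachable from the private side only, as the poster wanted.
natd_conf() {
    cat <<EOF
interface $EXT_IF
redirect_port tcp $MAIL_IP:25 $PUBLIC_IP:25
EOF
}

# ipfw rules relevant to the thread (a full ruleset also needs lo0 and the
# internal interface). The divert rule MUST precede the pass rule: natd
# rewrites the destination from $PUBLIC_IP to $MAIL_IP and re-injects the
# packet at the next rule, so the pass rule matches on the internal address.
ipfw_rules() {
    cat <<EOF
add 100 divert natd ip from any to any via $EXT_IF
add 200 allow tcp from any to $MAIL_IP 25 in via $EXT_IF setup
add 210 allow tcp from any to any established
add 220 allow ip from any to any out via $EXT_IF
add 300 deny log tcp from any to $MAIL_IP 110,143 in via $EXT_IF
add 65000 deny log ip from any to any
EOF
}

# Apply only when explicitly requested, so the generated rules can be
# reviewed first. Requires a kernel with options IPDIVERT.
apply_rules() {
    natd_conf > /etc/natd.conf
    ipfw -f flush
    ipfw_rules | while read -r rule; do ipfw $rule; done
    natd -f /etc/natd.conf
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    printf '# natd.conf\n'; natd_conf
    printf '# ipfw rules\n'; ipfw_rules
fi
```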