From owner-freebsd-questions Fri Sep 28 20:13:16 2001
Date: Fri, 28 Sep 2001 22:13:09 -0500 (CDT)
From: Nick Rogness
To: Bryce Newall
Cc: FreeBSD Questions List
Subject: Re: Natd/ipfw/redirect issue

On Fri, 28 Sep 2001, Bryce Newall wrote:

[snip]
>
> The rule I added was:
>
> ipfw add fwd 192.168.1.201,25 tcp from any to 25
>
> I'm assuming I have the syntax correct, i.e. "forward anything
> destined for on port 25 to 192.168.1.201 on port
> 25". I even tried adding "via xl1" (xl1 = the internal interface on
> the FreeBSD firewall), but still no luck. I had hoped that such an
> ipfw rule would allow both internal machines to reach the mail server
> properly, *and* allow external machines to reach it. With just the
> ipfw rule in place, no machines could reach it at all. Using natd,
> external machines could reach it, but not internal ones.

NO! You want to use the redirect_port option to natd NOT IPFW FWD!!!

man natd

Nick Rogness
 - Keep on Routing in a Free World...
   "FreeBSD: The Power to Serve!"
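
The redirect_port setup the reply points to, as an added example that is not part of the original message: a natd.conf fragment redirecting inbound TCP port 25 to 192.168.1.201:25. The file path and the external interface name xl0 are assumptions (the thread names only the internal interface, xl1); natd rewrites the packet's destination address, whereas ipfw fwd only changes the next hop and leaves the packet untouched.

```conf
# /etc/natd.conf  (added example; path and interface name are assumptions)
# xl0 is assumed to be the external interface; the thread names only xl1 (internal).
interface xl0
use_sockets yes
same_ports yes

# Syntax: redirect_port proto targetIP:targetPORT aliasPORT
# Inbound TCP connections to port 25 on the external address are rewritten
# to 192.168.1.201:25, and the replies are translated back on the way out.
redirect_port tcp 192.168.1.201:25 25

# Packets reach natd only through an ipfw divert rule on that interface:
#   ipfw add divert natd all from any to any via xl0
```

Only packets crossing xl0 are diverted to natd, and the redirect makes the internal mail server reachable from outside, so the rest of the ipfw ruleset still has to decide which sources may connect to port 25.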