Date: Tue, 21 Nov 2000 07:54:55 -0700 (MST)
From: Nick Rogness <nick@rapidnet.com>
To: Hamilton Hoover <hamilton@twopoint.com>
Cc: "freebsd-net@freebsd.org" <freebsd-net@FreeBSD.ORG>
Subject: Re: dual homed gateway system running ipfw and nat. need rules help.
Message-ID: <Pine.BSF.4.21.0011210747001.92984-100000@rapidnet.com>
In-Reply-To: <3A19B06B.1D5D9041@twopoint.com>

On Mon, 20 Nov 2000, Hamilton Hoover wrote:

> >
> > > >>1) We keep our pop server on the private net. I need to be able to
> > > get the incoming mail passed to the mail server that has a 192.x.x.x
> > > address. I was thinking something like:
> > >
> > >
> > > > Incoming from the outside or inside?
> > >
> > > Incoming from the public net.
> >
> > Do you have a NAT translation setup for that machine?
> > If not see below.
>
> I have made a change to natd.conf as you list below. I am unsure if the
> syntax is correct.
>
> redirect_port tcp 192.x.x.x:25 209.x.x.x:25
>
> I'm thinking that this will pass the mail from the external
> (public) interface of the NATed system to the mailserver at 192.x.x.x on
> the private side. Yes?
>

Yes, this is correct!

> That's the thing. I don't want public access to the mail server. I just
> want the incoming mail from the public side to get passed through the
> firewall to the mailserver on the private side.

Then all you need is the redirect_port statement.

>
> By divert rule do you mean the addition to natd.conf, or is there a
> divert I need to put in to my firewall script as well as the add pass
> tcp 25 from any to 192.x.x.x?
>
> >
> > Another question...Do you want clients from the outside to check
> > their mail via POP (or IMAP)?
>
> No, mail should only be checked from the private side but, on the inside
> we use POP.

[snip]

> I looked in the natd man pages and didn't see an example of
> redirect_port.

man 8 natd. It's in there.

> >
> > You can use redirect_port in the same way.
> >
> > Then set your MX record (public) to point to the above outside IP.
>
> The public MX record points to a name that has an alias. The alias points
> to the firewall. The alias is also the machine name of the mailserver on
> the inside.

I would change the MX record to correspond to the redirect_port
statement PUBLIC ip.

Nick Rogness
- Drive defensively. Buy a tank.
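
The setup discussed in this message (redirect only SMTP to the private mail server, keep POP reachable from the inside only) can be checked mechanically against natd.conf. The Python below is an added example, not part of the original message or of natd; `audit`, `parse_redirects` and the allow list are hypothetical names, and the addresses in the sample are constructed stand-ins for the elided 192.x.x.x and 209.x.x.x.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _ports(spec):
    """Expand 'N' or 'N-M' into a range of port numbers."""
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def parse_redirects(conf_text):
    """Yield (proto, target_ip, alias_ip_or_None, alias_ports) per redirect_port line."""
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # '#' starts a comment
        if len(fields) < 4 or fields[0] != "redirect_port":
            continue
        proto, target, alias = fields[1:4]
        target_ip = target.rsplit(":", 1)[0]
        alias_ip, _, alias_ports = alias.rpartition(":")  # aliasIP is optional
        yield proto, target_ip, alias_ip or None, _ports(alias_ports)

def audit(conf_text, allowed=frozenset({("tcp", 25)})):
    """Return findings for redirects that expose more than the allow list."""
    findings = []
    for proto, target_ip, _alias_ip, alias_ports in parse_redirects(conf_text):
        addr = ipaddress.ip_address(target_ip)
        if not any(addr in net for net in RFC1918):
            findings.append(f"target {target_ip} is not an RFC 1918 address")
        for port in alias_ports:
            if (proto, port) not in allowed:
                findings.append(
                    f"{proto}/{port} is redirected from the public side to {target_ip}")
    return findings

# Constructed sample natd.conf (addresses are placeholders, not from the thread).
SAMPLE = """\
# SMTP in from the public side, as in the thread
redirect_port tcp 192.168.1.10:25 203.0.113.5:25
# POP is meant to stay inside; this line would expose it
redirect_port tcp 192.168.1.10:110 203.0.113.5:110
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```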