Date: Fri, 10 Mar 2000 09:25:28 -0600 (CST)
From: Vaevictus Asmadi <vae@socket.net>
To: Matthew Hagerty <matthew@venux.net>
Cc: isp@freebsd.org
Subject: Re: POP3 proxy possible?
Message-ID: <Pine.LNX.4.21.0003100921490.23308-100000@vaevictus.socket.net>
In-Reply-To: <4.2.2.20000307101901.00a20200@mail.venux.net>

SSH2 (and 1?) does port forwarding on the command line...

In a couple of instances, I just connected to the computer I want to
forward to, and to keep the tunnel open, I executed a program that didn't
exit. It's a bit messy, but it solves some of the problems related here.

    ssh2 otherhost -L localport:remotehost:remoteport

is kinda how it works. This also has the advantage of encrypting the
tunnel. Not very useful with pop3, I'm afraid, but of course, this is a
universal port forward process.

n8

On Tue, 7 Mar 2000, Matthew Hagerty wrote:

> Greetings,
>
> I was wondering if there is a way to proxy a port, specifically pop3(110),
> to another computer. Something like:
>
> "If a connection comes in on my port 110, forward to ip:port"
>
> What I have is a firewall setup like this:
>
>               Internet
>                  |
>                  |
>              +--------+          +---------+
>              | router |          | Bastion |
>              +--------+          +---------+
>                  |  Perimeter Network |
>     +--------------------------------------+
>       Real IP assignment      |
>                               |
>                         +-----------+
>                         | Firewall  |
>                         | NATd IPFW |
>                         +-----------+
>                               |
>     +----------------------------------+
>        |       Fake IP assignment 10.0.0.0/24
>     +------+
>     | pop3 |
>     +------+
>
> I need to enable external access of pop3 (I know, I know, but it is not my
> decision).
>
> The first problem is that an external pop3 client cannot route to a fake
> IP, so they have to pop3 to a real host, i.e. the bastion. The bastion
> would then forward the request to the firewall machine which knows how to
> route to the internal server. The bastion host also has a static route so
> it knows that 10.0.0.0/24 should be routed to the firewall.
>
> The second problem is that the firewall will only accept packets from the
> bastion host, so external pop3 clients cannot connect directly to the
> firewall machine to have the pop3 request forwarded.
>
> What I thought I needed was a simple "port pass-through" program of some
> sort. I thought NATd could do this with the -reverse, -proxy_only, and
> -proxy_rule parameters, but I could not get it to work. I could not find
> any other docs or examples on NATd other than the man page, is there any?
>
> One other thing, can NATd be run without IPFIREWALL? In this case I don't
> need a firewall, so can I leave the option out of my kernel and just use
> IPDIVERT?
>
> Any insight would be greatly appreciated!
>
> Thank you,
> Matthew Hagerty
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

--
*------------------------------------*
"Art may imitate life, but life imitates TV."
   --- Ani Difranco, Superhero
*------------------------------------*

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.21.0003100921490.23308-100000>