Date: Fri, 10 Mar 2000 15:05:20 -0500 (EST)
From: Omachonu Ogali <oogali@intranova.net>
To: Matthew Hagerty <matthew@venux.net>
Cc: isp@freebsd.org
Subject: Re: POP3 proxy possible?
Message-ID: <Pine.BSF.4.10.10003101504500.22637-100000@hydrant.intranova.net>
In-Reply-To: <4.2.2.20000307101901.00a20200@mail.venux.net>
ipfw add fwd ip.address,port tcp from any to my.ip.address.com 110

On Tue, 7 Mar 2000, Matthew Hagerty wrote:

> Greetings,
>
> I was wondering if there is a way to proxy a port, specifically pop3(110),
> to another computer.  Something like:
>
> "If a connection comes in on my port 110, forward to ip:port"
>
> What I have is a firewall setup like this:
>
>  Internet
>      |
>      |
>  +--------+                  +---------+
>  | router |                  | Bastion |
>  +--------+                  +---------+
>      |    Perimeter Network       |
>  +--------------------------------------+
>    Real IP assignment   |
>                         |
>                   +-----------+
>                   | Firewall  |
>                   | NATd IPFW |
>                   +-----------+
>                         |
>  +----------------------------------+
>      |  Fake IP assignment 10.0.0.0/24
>  +------+
>  | pop3 |
>  +------+
>
> I need to enable external access of pop3 (I know, I know, but it is not my
> decision).
>
> The first problem is that an external pop3 client cannot route to a fake
> IP, so they have to pop3 to a real host, i.e. the bastion.  The bastion
> would then forward the request to the firewall machine which knows how to
> route to the internal server.  The bastion host also has a static route so
> it knows that 10.0.0.0/24 should be routed to the firewall.
>
> The second problem is that the firewall will only accept packets from the
> bastion host, so external pop3 clients cannot connect directly to the
> firewall machine to have the pop3 request forwarded.
>
> What I thought I needed was a simple "port pass-through" program of some
> sort.  I thought NATd could do this with the -reverse, -proxy_only, and
> -proxy_rule parameters, but I could not get it to work.  I could not find
> any other docs or examples on NATd other than the man page, is there any?
>
> One other thing, can NATd be run without IPFIREWALL?  In this case I don't
> need a firewall, so can I leave the option out of my kernel and just use
> IPDIVERT?
>
> Any insight would be greatly appreciated!
>
> Thank you,
> Matthew Hagerty
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

--
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:        C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10003101504500.22637-100000>