Date:      Wed, 25 Feb 2004 09:00:45 -0600
From:      Nathan Kinkade <nkinkade@ub.edu.bz>
To:        Edison Cala <edison@sflu.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: port forwarding and ip-less firewall
Message-ID:  <20040225150045.GE11671@nkinkade.bmp.ub>
In-Reply-To: <200402251719.AA14090702@sflu.com>
References:  <200402251719.AA14090702@sflu.com>


On Wed, Feb 25, 2004 at 05:19:35PM +0800, Edison Cala  wrote:
> hello list!
>
> i want to ask some help on port forwarding in a bridge-firewall
> network.
>
> our network setup is:
>
> 1. the router is outside the firewall, direct to the internet.
> 2. the bridge-firewall computer (2 ethernet cards installed, eth0 -
> outside (router), eth1 - protected network) is between the router and
> the protected network.
>
> all the servers are behind the firewall and only the allowed ports are
> opened. i have 2 mail servers (unit1.domain.com and unit2.domain.com)
> running on the protected network; unit1.domain.com is just an smtp
> relay for unit2.domain.com and it's working fine. however, i want to
> put a rule (port forward) in the firewall to forward requests destined
> to unit2.domain.com (port 25), but those requests should first be passed
> to unit1.domain.com (for antispam processing) before unit2. unit1 should
> then be the one to forward the request to unit2.domain.com.
>
> why i want to do this is that some mails are getting through and
> received at unit2 without passing through unit1. in mx, unit1 is the 1st
> prio and unit2 is 2nd prio only.
>
> please help and give an idea on port forwarding rules between two
> servers within the protected network.
>
> thank you!
>
> edison cala

I think this would normally be handled using a 'fwd' rule (man ipfw),
but the manpage specifically states:

"A fwd rule will not match layer-2 packets (those received on
ether_input, ether_output, or bridged)."

So, I'm not sure how you could implement this when using ipfw on a
bridged interface.

Nathan
-- 
gpg --keyserver pgp.mit.edu --recv-keys D8527E49
