Date: Fri, 21 Sep 2001 16:34:00 -0500
From: "SNF" <snf_lists@yahoo.com>
To: "Freebsd-Questions" <freebsd-questions@FreeBSD.ORG>
Subject: IPFW/NATD - forward all port 25, 110, 143 connections to an internal 10 series server
Message-ID: <LOBBKFILCMGGNDCBBCELOENDECAA.snf_lists@yahoo.com>

Hi,

I currently have a FreeBSD 4.3 machine that is running ipfw and natd. Two physically separate interfaces are installed on the machine providing an interior 10. series network with access to the external world (internet). My provider only provides us with one IP and 5 more would double my monthly costs. So, I need to use that one IP for dns, email and web serving...

I have a qmail server set up with a private address on the inside and would like to forward all port 25, 110 and 143 connections coming to the outside interface (24.159.225.186) to that server (10.10.20.40).

The crux that I see is that I still need to allow normal client access (from that 10.20.20 network) to email servers outside of my network. So, if someone from the inside wants to go to pop.mail.yahoo.com or smtp.mail.yahoo.com, I would like that connection to be forwarded to the server (as it has been and has been working since I set up the gateway/firewall/natd box). On the other hand, when someone tries to access port 25, 110 or 143 specifically on 24.159.225.186, I would like to have that forwarded to 10.10.20.40.

I have to recompile my kernel to add the IPFIREWALL_FORWARD option and I'm simply not sure how to set up the rule correctly. Would something along the lines of (for pop)

    ${fwcmd} add forward tcp from 24.159.225.186 25 to 10.10.20.40 25 via 10.10.20.1

or is there going to be much more needed? (All connections from the inside are allowed to outgoing machines, so I didn't think I would need the opposite of this rule allowing the return connection from 10.10.20.40 to be set up in a rule.)

Or, is this something that would be more appropriately done using a different type of rule? I will eventually want to do the same thing with a web server or two...

Thanks in advance,

SF