Date:      Fri, 21 Sep 2001 16:34:00 -0500
From:      "SNF" <snf_lists@yahoo.com>
To:        "Freebsd-Questions" <freebsd-questions@FreeBSD.ORG>
Subject:   IPFW/NATD - forward all port 25, 110, 143 connections to an internal 10 series server
Message-ID:  <LOBBKFILCMGGNDCBBCELOENDECAA.snf_lists@yahoo.com>

Hi,

I currently have a FreeBSD 4.3 machine that is running ipfw and natd.  Two
physically separate interfaces are installed on the machine providing an
interior 10. series network with access to the external world (internet).
My provider only provides us with one IP and 5 more would double my monthly
costs.  So, I need to use that one IP for dns, email and web serving...  I
have a qmail server set up with a private address on the inside and would
like to forward all port 25, 110 and 143 connections coming to the outside
interface (24.159.225.186) to that server (10.10.20.40).  The crux that I
see is that I still need to allow normal client access (from that 10.20.20
network) to email servers outside of my network.  So, if someone from the
inside wants to go to pop.mail.yahoo.com or smtp.mail.yahoo.com, I would
like that connection to be forwarded to the server (as it has been and has
been working since I set up the gateway/firewall/natd box).  On the other
hand, when someone tries to access port 25, 110 or 143 specifically on
24.159.225.186, I would like to have that forwarded to 10.10.20.40.  I have
to recompile my kernel to add the IPFIREWALL_FORWARD option and I'm simply
not sure how to set up the rule correctly.  Would something along the lines
of

(for pop)
${fwcmd} add forward tcp from 24.159.225.186 25 to 10.10.20.40 25 via 10.10.20.1

or is there going to be much more needed?  (All connections from the inside
are allowed to outgoing machines, so I didn't think I would need the
opposite of this rule allowing the return connection from 10.10.20.40 to be
set up in a rule.)  Or, is this something that would be more appropriately
done using a different type of rule?  I will eventually want to do the same
thing with a web server or two...

Thanks in advance,
SF
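
The setup asked about above, sketched as an added example that is not part of the original message: it uses natd's redirect_port option (handled by the natd that is already running) instead of an ipfw forward rule. Assumptions: OUTSIDE_IF is a placeholder for the outside interface name, the pass rules assume a ruleset that filters inbound TCP, and fwcmd defaults to a dry run that only prints the rules.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run by default:
# set fwcmd=/sbin/ipfw to apply the rules instead of printing them.
fwcmd="${fwcmd:-echo ipfw}"
oif="${oif:-OUTSIDE_IF}"      # placeholder (assumption): outside interface name
oip="24.159.225.186"          # outside address, from the post
mail="10.10.20.40"            # inside qmail server, from the post
ports="25 110 143"            # SMTP, POP3, IMAP

# Print natd.conf contents: one redirect_port line per service.
# Only connections addressed to the outside address on these ports are
# rewritten to the inside server; connections that inside clients open to
# outside mail servers are aliased by natd exactly as before.
natd_conf() {
    echo "interface ${oif}"
    for p in ${ports}; do
        echo "redirect_port tcp ${mail}:${p} ${oip}:${p}"
    done
}

# Issue the ipfw rules: divert traffic on the outside interface through
# natd, then pass the redirected connections. After natd has rewritten an
# inbound packet it carries the inside destination address, so the pass
# rules match on 10.10.20.40, not on the outside address.
fw_rules() {
    ${fwcmd} add 50 divert natd all from any to any via "${oif}"
    for p in ${ports}; do
        ${fwcmd} add pass tcp from any to "${mail}" "${p}" setup
    done
}

# Show what would be written to natd.conf and what would be run.
natd_conf
fw_rules
```

natd leaves the source address of redirected connections unchanged, so the inside server still sees the real client address and its own relay and access controls keep working.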

