Date:      Fri, 21 Sep 2001 17:43:16 -0500
From:      "SNF" <snf_lists@yahoo.com>
To:        "Brian Whalen" <bri@sonicboom.org>, "SNF" <snf_lists@yahoo.com>
Cc:        "Freebsd-Questions" <freebsd-questions@FreeBSD.ORG>
Subject:   RE: IPFW/NATD - forward all port 25, 110, 143 connections to an internal 10 series server
Message-ID:  <LOBBKFILCMGGNDCBBCELIENHECAA.snf_lists@yahoo.com>
In-Reply-To: <20010921151828.X24747-100000@cx175057-a.ocnsd1.sdca.home.com>

Whoops...  Wasn't typing what I was thinking.

> -----Original Message-----
> From: Brian Whalen [mailto:bri@sonicboom.org]
> Sent: Friday, September 21, 2001 5:20 PM
> To: SNF
> Cc: Freebsd-Questions
> Subject: Re: IPFW/NATD - forward all port 25, 110, 143 connections to an
> internal 10 series server
>
>
> pop is 110, smtp is 25.
>
> Brian "Sonic" Whalen
> Success = Preparation + Opportunity
>
>
> On Fri, 21 Sep 2001, SNF wrote:
>
> > Hi,
> >
> > I currently have a FreeBSD 4.3 machine that is running ipfw and natd.  Two
> > physically separate interfaces are installed on the machine providing an
> > interior 10. series network with access to the external world (internet).
> > My provider only provides us with one IP and 5 more would double my monthly
> > costs.  So, I need to use that one IP for dns, email and web serving...  I
> > have a qmail server set up with a private address on the inside and would
> > like to forward all port 25, 110 and 143 connections coming to the outside
> > interface (24.159.225.186) to that server (10.10.20.40).  The crux that I
> > see is that I still need to allow normal client access (from that 10.20.20
> > network) to email servers outside of my network.  So, if someone from the
> > inside wants to go to pop.mail.yahoo.com or smtp.mail.yahoo.com, I would
> > like that connection to be forwarded to the server (as it has been and has
> > been working since I set up the gateway/firewall/natd box).  On the other
> > hand, when someone tries to access port 25, 110 or 143 specifically on
> > 24.159.225.186, I would like to have that forwarded to 10.10.20.40.  I have
> > to recompile my kernel to add the IPFIREWALL_FORWARD option and I'm simply
> > not sure how to set up the rule correctly.  Would something along the lines
> > of
> >
> > (for pop)
> > ${fwcmd} add forward tcp from 24.159.225.186 25 to 10.10.20.40 25 via 10.10.20.1
> >
> > or is there going to be much more needed?  (All connections from the inside
> > are allowed to outgoing machines, so I didn't think I would need the
> > opposite of this rule allowing the return connection from 10.10.20.40 to be
> > set up in a rule.)  Or, is this something that would be more appropriately
> > done using a different type of rule?  I will eventually want to do the same
> > thing with a web server or two...
> >
> > Thanks in advance,
> > SF
> >
> >
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
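
An added example, not part of the original thread: one way to get the inbound redirection asked about above is natd's redirect_port, since ipfw's fwd action only changes the next hop and leaves the destination address untouched, so the internal server would see packets still addressed to the public IP. The script prints natd.conf lines and the matching ipfw rule arguments (what would follow ${fwcmd}) to merge into an existing ruleset. The addresses are the ones from the message; the interface name ed0, rule number 50 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: emits natd.conf lines and ipfw rule arguments for inbound
# mail redirection. Nothing is applied to the running system.

PUBLIC_IP="24.159.225.186"   # outside address (from the message)
MAIL_HOST="10.10.20.40"      # internal qmail server (from the message)
OUT_IF="ed0"                 # assumed name of the outside interface
MAIL_PORTS="25 110 143"      # smtp, pop3, imap

# valid_port N: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# natd_conf: one redirect_port line per port. natd rewrites the destination
# only for packets addressed to PUBLIC_IP on these ports, so inside clients
# talking to outside mail servers are not affected.
natd_conf() {
    echo "interface $OUT_IF"
    for p in $MAIL_PORTS; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        echo "redirect_port tcp $MAIL_HOST:$p $PUBLIC_IP:$p"
    done
}

# ipfw_rules: divert through natd first, then admit only the redirected
# ports. After the divert rule the destination is already MAIL_HOST.
ipfw_rules() {
    echo "add 50 divert natd all from any to any via $OUT_IF"
    for p in $MAIL_PORTS; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        echo "add allow tcp from any to $MAIL_HOST $p in via $OUT_IF setup"
    done
}

natd_conf
ipfw_rules
```

The allow rules only admit the opening SYN; they rely on the existing ruleset already passing established TCP traffic.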

