Date: Fri, 21 Sep 2001 17:43:16 -0500 From: "SNF" <snf_lists@yahoo.com> To: "Brian Whalen" <bri@sonicboom.org>, "SNF" <snf_lists@yahoo.com> Cc: "Freebsd-Questions" <freebsd-questions@FreeBSD.ORG> Subject: RE: IPFW/NATD - forward all port 25, 110, 143 connections to an internal 10 series server Message-ID: <LOBBKFILCMGGNDCBBCELIENHECAA.snf_lists@yahoo.com> In-Reply-To: <20010921151828.X24747-100000@cx175057-a.ocnsd1.sdca.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
woops... Wasn't typing what I was thinking. > -----Original Message----- > From: Brian Whalen [mailto:bri@sonicboom.org] > Sent: Friday, September 21, 2001 5:20 PM > To: SNF > Cc: Freebsd-Questions > Subject: Re: IPFW/NATD - forward all port 25, 110, 143 connections to an > internal 10 series server > > > pop is 110, smtp is 25. > > Brian "Sonic" Whalen > Success = Preparation + Opportunity > > > On Fri, 21 Sep 2001, SNF wrote: > > > Hi, > > > > I currently have a FreeBSD 4.3 machine that is running ipfw and > natd. Two > > physically separate interfaces are installed on the machine providing an > > interior 10. series network with access to the external world > (internet). > > My provider only provides us with one IP and 5 more would > double my monthly > > costs. So, I need to use that one IP for dns, email and web > serving... I > > have a qmail server set up with a private address on the inside > and would > > like to forward all port 25, 110 and 143 connections coming to > the outside > > interface (24.159.225.186) to that server (10.10.20.40). The > crux that I > > see is that I still need to allow normal client access (from > that 10.20.20 > > network) to email servers outside of my network. So, if > someone from the > > inside wants to go to pop.mail.yahoo.com or smtp.mail.yahoo.com, I would > > like that connection to be forwarded to the server (as it has > been and has > > been working since I set up the gateway/firewall/natd box). On > the other > > hand, when someone tries to access port 25, 110 or 143 specifically on > > 24.159.225.186, I would like to have that forwarded to > 10.10.20.40. I have > > to recompile my kernel to add the IPFIREWALL_FORWARD option and > I'm simply > > not sure how to set up the rule correctly. Would something > along the lines > > of > > > > (for pop) > > ${fwcmd} add forward tcp from 24.159.225.186 25 to 10.10.20.40 25 via > > 10.10.20.1 > > > > or is there going to be much more needed? (All connections > from the inside > > are allowed to outgoing machines, so I didn't think I would need the > > opposite of this rule allowing the return connection from > 10.10.20.40 to be > > set up in a rule.) Or, is this something that would be more > appropriately > > done using a different type of rule? I will eventually want to > do the same > > thing with a web server or two... > > > > Thanks in advance, > > SF > > > > > > _________________________________________________________ > > Do You Yahoo!? > > Get your free @yahoo.com address at http://mail.yahoo.com > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBKFILCMGGNDCBBCELIENHECAA.snf_lists>