From owner-freebsd-questions Mon Nov 20 11:44:17 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from alice.twopoint.com (unknown [209.64.88.26])
	by hub.freebsd.org (Postfix) with ESMTP id 274EC37B479;
	Mon, 20 Nov 2000 11:44:12 -0800 (PST)
Received: from twopoint.com (hamilton@fred.twopoint.com [192.168.1.3])
	by alice.twopoint.com (8.8.7/8.8.7) with ESMTP id NAA06193;
	Mon, 20 Nov 2000 13:44:55 -0600
Message-ID: <3A197FA5.95299923@twopoint.com>
Date: Mon, 20 Nov 2000 13:46:45 -0600
From: Hamilton Hoover
Organization: Two Point Conversions, INC.
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.16-22 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Nick Rogness
Cc: "freebsd-net@freebsd.org", "freebsd-questions@FreeBSD.ORG"
Subject: Re: dual homed gateway system running ipfw and nat. need rules help.
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>I am running a dual homed system (2 nics) acting as a
>>gateway/firewall for our office T1. The private net uses
>>192.x.x.x and the public uses a 'real' address of 209.x.x.x.
>>The firewall is up and seems to be working well. I used
>>rc.firewall "simple" and have customized it to our needs. All
>>outgoing requests appear to be originating from the public
>>interface. I want to be able to do two things that I have not
>>been able to figure out yet.

>>1) We keep our pop server on the private net. I need to be
>>able to get the incoming mail passed to the mail server that
>>has a 192.x.x.x address. I was thinking something like:

> Incoming from the outside or inside?

Incoming from the public net.

>>${fwcmd} pass tcp from any 25 to 192.x.x.x

> The POP server runs on port 110 not 25, that's SMTP.

ok. then I change that from 25 to 110? I run qmail on a linux box on
my private net.

>>Is this solid or am I opening myself up to more problems. I
>>don't want to relay from outside as mail is only checked from
>>inside the private side.

>If you don't want mail from the outside world or users to send
>mail to the outside world, then this should work. Is the BSD
>machine acting as a mail server?

um, no. I want users to be able to read and send mail normally from
the private side to the public side, and I want mail from the outside
world to pass in to the mail server that is on the private side. The
mail server is not running on the gateway/firewall. I allow all
outgoing traffic, i.e. from private to public, so I don't think
'outgoing' mail needs its own rule? But I have not been able to get
mail from the public net to get passed to my mail server on the
private net.

thanks,
Hamilton Hoover

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
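
Added example, not part of the original message or of anyone's reply in the thread: one way to let inbound SMTP reach a private mail server behind this kind of gateway, assuming NAT is done by natd via an ipfw divert rule as in the stock rc.firewall. The mail server address 192.168.1.5 and the dry-run default for `fwcmd` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: the private mail
# server address and the dry-run default for fwcmd.
mailhost="${mailhost:-192.168.1.5}"   # assumed address of the private mail host
fwcmd="${fwcmd:-echo /sbin/ipfw}"     # dry run: prints the rule instead of loading it

# Line for natd.conf: a TCP connection arriving on the gateway's public
# address, port 25, is rewritten to port 25 on the private mail server.
natd_redirect() {
    echo "redirect_port tcp ${mailhost}:25 25"
}

# ipfw rule, to sit after the divert rule. By the time a packet reaches it,
# natd has rewritten the destination, so the rule names the private address.
# In ipfw syntax a port belongs to the address it follows: "from any 25"
# matches SOURCE port 25, which an outside mail sender does not use.
# The destination port (25, SMTP) goes after the destination address.
# Port 110 (POP) is not opened, since mail is only read from the inside.
mail_rules() {
    ${fwcmd} add pass tcp from any to "${mailhost}" 25 setup
}

natd_redirect
mail_rules
```

With `fwcmd=/sbin/ipfw` the same function loads the rule; replies to the connection are covered by the existing "established" rule in rc.firewall's simple profile.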