From owner-freebsd-questions Mon Nov 20 15:20: 6 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from alice.twopoint.com (unknown [209.64.88.4])
	by hub.freebsd.org (Postfix) with ESMTP id 5A7A937B4C5
	for ; Mon, 20 Nov 2000 15:20:01 -0800 (PST)
Received: from twopoint.com (hamilton@fred.twopoint.com [192.168.1.3])
	by alice.twopoint.com (8.8.7/8.8.7) with ESMTP id RAA00945;
	Mon, 20 Nov 2000 17:20:10 -0600
Message-ID: <3A19B227.F1CF7F31@twopoint.com>
Date: Mon, 20 Nov 2000 17:22:15 -0600
From: Hamilton Hoover
Organization: Two Point Conversions, INC.
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.16-22 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Daniel Podolsky
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: dual homed gateway system running ipfw and nat. need rules help.
References: <856E94D34FF3D311B5FE00508B6B8BD22A34F9@BlackWidow.twelvehorses.int>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Daniel Podolsky wrote:
>
> Hi,
>
> >>>${fwcmd} pass tcp from any 25 to 192.x.x.x
> Will not work because nobody on the Internet knows how to reach your private
> addresses.
>

The public MX record points mail to the firewall. I want the firewall to
take mail and pass it to the internal (private) server.

> As far as I can understand you have a mail server inside and you would like
> incoming mail to be delivered to this server. Is it quite?

yes

> Also you would like to use your qmail inside as an outgoing server for your
> mail clients. Is it quite?

yes

>
> The simple and finest solution is to configure your gateway as a mail relay.
> Gateway should receive your mail and forward it to your inside server. Also
> gateway should receive mails from inside and relay it to Internet. Use
> "mailertable" feature for sendmail or "smtproutes" for qmail. Do not forget
> to allow corresponding traffic in a IPFW.
> something like
> allow tcp from any to 25
> allow tcp from to any 25
> Please do not hesitate to ask again if something is unclear.
>
> Also you can configure your gateway to divert incoming packets to port 25
> to your inside mail server but it is more sophisticated...

I would like to use some combination of ipfw and NAT to get the mail to
the right place. I have so far made the ipfw rule.

pass tcp from any 25 to

thinking that this would do the trick. It has had no effect.

I also added a rule to natd.conf

redirect_port tcp 25 25

But I am unsure if this is correct and I haven't found any useful
information on the correct syntax for natd.conf

Hamilton Hoover

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
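
The inbound half of the setup discussed in this thread, as an added example that is not part of the original messages: a dry-run script that prints a natd.conf `redirect_port` entry (natd(8) form `proto targetIP:targetPORT aliasPORT`) and matching ipfw rules, plus a small check showing which side of an ipfw rule a port belongs to. The interface name `fxp0`, the address `192.168.1.25`, the rule numbers and the helper names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; all values below are constructed, not taken from the thread.
oif="fxp0"            # outside interface (assumed name)
mail="192.168.1.25"   # inside mail server (constructed address)
fwcmd="echo ipfw"     # dry run: prints each rule; use /sbin/ipfw to apply

# natd.conf: connections to port 25 on the outside address are redirected
# to port 25 on the inside mail server.
natd_conf() {
    echo "interface ${oif}"
    echo "redirect_port tcp ${mail}:25 25"
}

# Fragment of a ruleset, inbound SMTP only. The divert rule comes first:
# natd rewrites the destination and the packet continues at the next rule,
# so the pass rule names the inside address with 25 as the destination port.
fw_rules() {
    ${fwcmd} add 50 divert natd all from any to any via ${oif}
    ${fwcmd} add 100 pass tcp from any to any established
    ${fwcmd} add 200 pass tcp from any to ${mail} 25 setup
}

# ipfw addresses are written "from SRC [ports] to DST [ports]".
# Report whether a rule carries a port on the source and/or destination side.
port_side() {
    set -- $1
    src=no; dst=no
    while [ $# -gt 0 ]; do
        case "$1" in
            from) case "${3:-}" in [0-9]*) src=yes ;; esac ;;
            to)   case "${3:-}" in [0-9]*) dst=yes ;; esac ;;
        esac
        shift
    done
    echo "src=${src} dst=${dst}"
}

natd_conf
fw_rules
# A port written after "any" and before "to" is a source port, so this rule
# does not match new connections addressed to port 25:
port_side "pass tcp from any 25 to ${mail}"
# The same port after the destination address does:
port_side "pass tcp from any to ${mail} 25 setup"
```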