Date: Sun, 31 Oct 2004 19:39:58 -0500 From: Bill Eccles <Bill.lists@Eccles.net> To: <freebsd-questions@freebsd.org> Subject: Re: ipfw configuration to intercept SMTP traffic Message-ID: <BDAAF00E.10E7%Bill.lists@Eccles.net> In-Reply-To: <200410312349.08193.4711@chello.at>
next in thread | previous in thread | raw e-mail | index | archive | help
Actually, you bring up an interesting point that, yes, I'd forgotten about natd. However, I realized after watching a tcpdump that the outgoing port is a random port--only the destination port is 25 on the upstream box. So, somehow I have to rig up something that listens for an SMTP connection destined for any address from any port but to the upstream box's port 25. It then must send it out to the aa.bb.cc.dd:25. Any ideas, folks? Thanks, Bill ------------------------ > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sunday 31 October 2004 21:39, Bill Eccles wrote: >> Gentleones, >> >> I have a commercial website/mail product running on a box. Unfortunately, >> the product is not so smart and when it needs to bounce something, it >> ignores the SMTP "Always Relay Via" setting and attempts to connect >> directly to the mail exchanger for the domain it's bouncing to. >> >> So what I figure I can do is redirect port 25 of "me" to any to port 25 of >> the upstream server at aa.bb.cc.dd. That makes sense, right? So I'd >> probably use: > > You mean redirect [from me to any destination-port 25] to upstream server > aa.bb.cc.dd port 25? > >> ipfw add 8000 divert 25 all from me to aa.bb.cc.dd via en0 > > Your rule seems to be wrong. It uses port 25 to setup the divert-socket, and > matches all source-ports. The divert-socket default-port is 8668 (natd). > > ipfw add 8000 divert natd all from me to any 25 via en0 > > Are you running natd on your machine? Natd reads/writes the packets from/to > the divert-socket and changes IP-address and portnumber as defined by natd > options or in your natd.conf file. In your case I would run natd with the > option '-proxy_rule port 25 server aa.bb.cc.dd:25'. > Natd-setup is documented in 'man 8 natd'. > > HTH, > ch > > - -- > Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x3BCA53BE > OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.6 (FreeBSD) > > iD8DBQFBhWvk09WjGjvKU74RAh6VAJ9H6yEohPLFCBSRdJ+SNDA3nOycrACfaVqo > C4tHUn2wstlv22ktbSCaFKU= > =4jCL > -----END PGP SIGNATURE----- >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BDAAF00E.10E7%Bill.lists>