Date: Mon, 20 Nov 2000 14:30:28 -0700 (MST)
From: Nick Rogness <nick@rapidnet.com>
To: Hamilton Hoover <hamilton@twopoint.com>
Cc: "freebsd-net@freebsd.org" <freebsd-net@FreeBSD.ORG>
Subject: Re: dual homed gateway system running ipfw and nat. need rules help.
Message-ID: <Pine.BSF.4.21.0011201353000.96101-100000@rapidnet.com>
In-Reply-To: <3A197FA5.95299923@twopoint.com>
On Mon, 20 Nov 2000, Hamilton Hoover wrote:

I'm only sending the response to -net.

> >> 1) We keep our pop server on the private net. I need to be
> >> able to get the incoming mail passed to the mail server that
> >> has a 192.x.x.x address. I was thinking something like:
> >
> > Incoming from the outside or inside?
>
> Incoming from the public net.

Do you have a NAT translation setup for that machine?  If not, see below.

> >> ${fw8cmd} pass tcp from any 25 to 192.x.x.x
> >
> > The POP server runs on port 110, not 25; that's SMTP.
>
> OK, then I change that from 25 to 110? I run qmail on a linux box on my
> private net.

Is your linux qmail server on the same network as your client machines?
If so, then you need no special firewall rules for that box.  Since your
mail server is on the inside of your network it never touches your
firewall.

For public access to your mail server (SMTP) the above rule with port 25
will work fine.  It must come AFTER the divert rule.

Another question... Do you want clients from the outside to check their
mail via POP (or IMAP)?

> >> Is this solid or am I opening myself up to more problems? I
> >> don't want to relay from outside as mail is only checked from
> >> inside the private side.
> >
> > If you don't want mail from the outside world or users to send mail
> > to the outside world, then this should work.  Is the BSD machine
> > acting as a mail server?
>
> Um, no. I want users to be able to read and send mail normally from the
> private side to the public side and, I want mail from the outside world
> to pass in to the mail server that is on the private side; the mail server
> is not running on the gateway/firewall. I allow all outgoing traffic, i.e.
> from private to public, so I don't think 'outgoing' mail needs its own
> rule? But I have not been able to get mail from the public net to get
> passed to my mail server on the private net.
If you don't have NAT setup, then:

You need to add a network address translation (NAT) statement to your
natd config.  Either a redirect_address or redirect_port will work.

For example, let's say that your inside mail server is 192.168.1.2.  You
have a free outside IP of 209.4.4.4 that you want to assign to this mail
server.  Your natd statement would be:

    redirect_address 192.168.1.2 209.4.4.4

You can use redirect_port in the same way.  Then set your MX record
(public) to point to the above outside IP.

Nick Rogness <nick@rapidnet.com>
 - Drive defensively.  Buy a tank.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
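The setup Nick describes, worked through as an added example (this is not code from the thread or from the FreeBSD project): a dry-run script that emits an /etc/natd.conf and the ipfw rule set for a dual-homed gateway, with inbound SMTP redirected to the qmail box on the private side. Interface names fxp0/fxp1, the private network 192.168.1.0/24 and the choice of redirect_port on the gateway's own public address are assumptions; 209.4.4.4 and 192.168.1.2 are the addresses used in the reply above.

```shell
#!/bin/sh
# Added example: natd + ipfw on a dual-homed FreeBSD gateway with inbound
# SMTP forwarded to a mail server on the private side.  Not code from the
# thread; interface names and the private network are assumptions.
#
# The gateway also needs, in rc.conf (assumed, typical for FreeBSD 4.x):
#   gateway_enable="YES"   firewall_enable="YES"
#   natd_enable="YES"      natd_interface="fxp0"   natd_flags="-f /etc/natd.conf"
# and a kernel built with options IPFIREWALL and IPDIVERT.

oif=fxp0                 # outside interface, public address 209.4.4.4
iif=fxp1                 # inside interface
inet=192.168.1.0/24      # private network behind the gateway
mailhost=192.168.1.2     # qmail box on the private side

# Dry run by default: rules are printed, not loaded.  On the gateway run
# with FWCMD=/sbin/ipfw to load them for real.
fwcmd=${FWCMD:-"echo /sbin/ipfw"}

# Contents of /etc/natd.conf.  redirect_port maps port 25 of the
# gateway's public address to the inside mail server.  The alternative
# from the reply, "redirect_address 192.168.1.2 209.4.4.4", requires that
# public address to be configured on $oif (as an alias if it is not the
# primary address), otherwise the gateway never receives the packets.
natd_conf() {
    cat <<EOF
interface $oif
use_sockets yes
same_ports yes
redirect_port tcp $mailhost:25 25
EOF
}

# The ipfw rule set, one rule per line, without the ipfw command itself.
fw_rules() {
    # Translate first.  natd rewrites the packet and it re-enters the
    # ruleset at the next rule, so inbound SMTP already carries
    # dst $mailhost by the time it reaches rule 300.
    echo "add 100 divert natd ip from any to any via $oif"
    echo "add 200 pass all from any to any via lo0"
    # Drop packets that claim a private source but arrive from outside.
    echo "add 210 deny all from $inet to any in via $oif"
    # Inbound mail to the private-side server: must come AFTER the divert.
    echo "add 300 pass tcp from any to $mailhost 25 setup"
    # Return traffic for connections opened in either direction.
    echo "add 400 pass tcp from any to any established"
    # Poster's policy: everything from the private side may go out.
    echo "add 500 pass all from $inet to any in via $iif"
    echo "add 510 pass all from any to any out via $oif"
    # UDP has no "established"; DNS replies need an explicit hole.
    echo "add 520 pass udp from any 53 to $inet in via $oif"
    echo "add 65000 deny log all from any to any"
}

# Flush and load (or, in dry-run mode, print) the rule set.
load_rules() {
    $fwcmd -f flush
    fw_rules | while read -r rule; do
        $fwcmd $rule
    done
}

# Guard for the ordering point made in the reply: the pass rule for
# port 25 to the inside address only matches if the divert rule comes
# before it.  Returns 0 when the order is right.
check_order() {
    rules=$(fw_rules)
    d=$(printf '%s\n' "$rules" | grep -n 'divert natd' | cut -d: -f1)
    s=$(printf '%s\n' "$rules" | grep -n "to $mailhost 25 setup" | cut -d: -f1)
    [ -n "$d" ] && [ -n "$s" ] && [ "$d" -lt "$s" ]
}

echo "# /etc/natd.conf"
natd_conf
echo "# firewall rules"
load_rules
check_order && echo "ok: divert rule precedes the inbound SMTP rule"
```

With the rules in this order an SMTP SYN arriving on fxp0 for 209.4.4.4:25 is diverted to natd, comes back with destination 192.168.1.2:25, and is passed by rule 300; the reply from the mail server goes out via fxp0, hits the divert rule again and leaves with source 209.4.4.4. If rule 300 were placed before rule 100, it would be evaluated against the untranslated destination and never match.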