Date:      Mon, 1 Oct 2001 19:55:09 -0500 (CDT)
From:      Nick Rogness <nick@rogness.net>
To:        Bryce Newall <data@dreamhaven.org>
Cc:        FreeBSD Questions List <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Natd/ipfw/redirect issue
Message-ID:  <Pine.BSF.4.21.0110011937450.2678-100000@cody.jharris.com>
In-Reply-To: <Pine.BSF.4.33.0110011217320.580-100000@ds9.dreamhaven.org>

On Mon, 1 Oct 2001, Bryce Newall wrote:

> On Fri, 28 Sep 2001, Nick Rogness wrote:
> 
>>> ipfw rule would allow both internal machines to reach the mail
>>> server properly, *and* allow external machines to reach it.  With
>>> just the ipfw rule in place, no machines could reach it at all.  
>>> Using natd, external machines could reach it, but not internal
>>> ones.

>>
>> 	NO! You want to use the redirect_port option to natd NOT IPFW
>> 	FWD!!!  man natd

> Hey, no need to shout at me... :)  I tried both ways, and obviously
> using just ipfw didn't work at all, so natd is what I'm using.  
> However, it's a solution to the *internal* problem that I'm looking
> for, be it using ipfw or something else.
> 

	This question gets asked at least 100
	times a month and the answer could be found by searching the mail
	archives at www.freebsd.org.

	Anyway,  back to your question.  The proper way to handle the
	internal requests is to have your internal DNS server resolve your
	mail server IP to an internal IP.  You should not have nat doing
	the work for handling the request.  The internal packet should
	never traverse the outside interface, which triggers the
	ipfw divert, sending the packet to natd.  That is why the internal
	requests do not work.
	
	If running an internal DNS server is out of the question, run a
	second copy of natd on the internal interface to redirect to the
	mail server.  This is a bad solution, but it will work.

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
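
A small Python model of the behaviour described in the message above, added here as an illustration and not part of the original post. Interface names, addresses and the host name are constructed, and the model only tracks whether the interface-scoped divert rule ever sees the packet.

```python
from dataclasses import dataclass

# All names and addresses below are constructed for illustration.
OUTSIDE_IF, INSIDE_IF = "ext0", "int0"
PUBLIC_IP = "203.0.113.10"      # gateway's outside address (public DNS answer)
MAIL_LAN_IP = "192.168.1.25"    # mail server's internal address
LAN_PREFIX = "192.168.1."

# natd redirect_port table: (proto, public port) -> (internal ip, port)
REDIRECT_PORT = {("tcp", 25): (MAIL_LAN_IP, 25)}
# Interfaces named in the ipfw divert rule ("via <outside interface>")
DIVERT_VIA = {OUTSIDE_IF}

# Two DNS answers for the same name: public view and internal view.
DNS = {
    "public":   {"mail.example.org": PUBLIC_IP},
    "internal": {"mail.example.org": MAIL_LAN_IP},
}

@dataclass
class Syn:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

def gateway_input(pkt, in_if):
    """Where a packet addressed to the gateway's public IP ends up."""
    if in_if in DIVERT_VIA:                  # divert rule matches: natd sees it
        target = REDIRECT_PORT.get((pkt.proto, pkt.dport))
        if target:
            return ("forwarded", target)
    # Not diverted (or no redirect entry): the gateway's own stack gets it.
    return ("local", (pkt.dst, pkt.dport))

def connect(client_ip, dns_view, name="mail.example.org", port=25):
    """Trace a client's SMTP connection attempt to its final destination."""
    dst = DNS[dns_view][name]
    pkt = Syn(client_ip, dst, port)
    on_lan = client_ip.startswith(LAN_PREFIX)
    if on_lan and dst.startswith(LAN_PREFIX):
        return ("direct", (dst, port))       # same subnet, never routed
    return gateway_input(pkt, INSIDE_IF if on_lan else OUTSIDE_IF)

if __name__ == "__main__":
    for who, view in [("198.51.100.7", "public"), ("192.168.1.50", "public"),
                      ("192.168.1.50", "internal")]:
        print(who, view, connect(who, view))
```

The internal client that resolves the public address ends at the gateway itself with no redirect applied, while the same client using the internal DNS answer reaches the mail server directly.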

