Re: ipfw configuration to intercept SMTP traffic

From: Christian Hiris (4711_at_chello.at)
Date: 10/31/04 

To: freebsd-questions@freebsd.org
Date: Sun, 31 Oct 2004 23:48:32 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 31 October 2004 21:39, Bill Eccles wrote:
> Gentleones,
>
> I have a commercial website/mail product running on a box. Unfortunately,
> the product is not so smart and when it needs to bounce something, it
> ignores the SMTP "Always Relay Via" setting and attempts to connect
> directly to the mail exchanger for the domain it's bouncing to.
>
> So what I figure I can do is redirect port 25 of "me" to any to port 25 of
> the upstream server at aa.bb.cc.dd. That makes sense, right? So I'd
> probably use:

You mean redirect [from me to any destination-port 25] to upstream server
aa.bb.cc.dd port 25?

> ipfw add 8000 divert 25 all from me to aa.bb.cc.dd via en0

Your rule seems to be wrong. It uses port 25 to setup the divert-socket, and
matches all source-ports. The divert-socket default-port is 8668 (natd).

ipfw add 8000 divert natd all from me to any 25 via en0

Are you running natd on your machine? Natd reads/writes the packets from/to
the divert-socket and changes IP-address and portnumber as defined by natd
options or in your natd.conf file. In your case I would run natd with the
option '-proxy_rule port 25 server aa.bb.cc.dd:25'.
Natd-setup is documented in 'man 8 natd'.

HTH,
ch

- --
Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x3BCA53BE
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBhWvk09WjGjvKU74RAh6VAJ9H6yEohPLFCBSRdJ+SNDA3nOycrACfaVqo
C4tHUn2wstlv22ktbSCaFKU=
=4jCL
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"