Alexandre Vasconcelos wrote:
I'm lost somewhere..
I'm trying to do a simple SMTP rdr without success. Using ipmon I can see the traffic coming in and expiring, but it doesn't arrive at its destination. When I try to telnet, the operation times out; I'm missing something.. I have another link with the same setup working ok, and I've tried the same config without success..
some data:
FreeBSD 4.9-RELEASE-p1
IP Filter - 3.4.31
Network - 222.222.222.x/26
Firewall nic - 222.222.222.194/26
SMTP relay - 222.222.222.195/26
ipnat.rules:
rdr xl1 222.222.222.194/26 port 25 -> 10.0.1.10 port 25
ipf.rules:
pass in quick on xl1 proto tcp from 222.222.222.195/26 to 10.0.1.10/32 port = 25 keep state
I tried to change the external masks to /32 with no success.. The firewall's internal NIC can see and telnet to 10.0.1.10 port 25..
Any clues?
Have you provided arp on the external interface for the relay IP?
arp -s 222.222.222.195 auto pub
I guess I don't understand your setup from the description. Are you saying you have some other external system that is the "SMTP relay" and are trying to let that system relay to the inside? Or are you trying to provide the SMTP for the inside box on the "SMTP relay" IP? If the former case, then why do you have "222.222.222.195/26" in your IPF rule? That should be 222.222.222.192/26. If the latter case, then the rdr should be "rdr xl1 222.222.222.195/32" and you should have a "tcp" at the end.
I'll assume the former case:
Try using for ipnat:
rdr xl1 222.222.222.194/32 port 25 -> 10.0.1.10 port 25 tcp
and for ipf:
pass in quick on xl1 proto tcp from 222.222.222.192/26 to 10.0.1.10/32 port = 25 keep state
-- Jefferson Ogata <[EMAIL PROTECTED]> NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
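An added check, not part of the thread: a small Python linter for the two mistakes pointed out above, an address with host bits set behind a wide mask (which matches the whole network after masking, so a single host needs /32) and a port rdr with no trailing protocol. The rule patterns are constructed to cover only the rule shapes quoted in this thread, not IPFilter's full syntax.

```python
"""Lint the ipnat rdr and ipf pass rules quoted in the thread for mask/protocol mistakes."""
import ipaddress
import re

# Constructed patterns for just the two rule shapes above (not IPFilter's own grammar).
RDR_RE = re.compile(
    r"^rdr\s+\S+\s+(?P<ext>\S+)\s+port\s+\d+\s*->\s*\S+\s+port\s+\d+"
    r"(?:\s+(?P<proto>tcp|udp|tcp/udp))?\s*$"
)
PASS_RE = re.compile(
    r"^pass\s+in\s+quick\s+on\s+\S+\s+proto\s+\S+\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
)


def check_prefix(text, role):
    """Flag an address/mask whose host bits are set: after masking it matches the whole network."""
    net = ipaddress.ip_network(text, strict=False)   # e.g. 222.222.222.194/26 -> 222.222.222.192/26
    host = ipaddress.ip_address(text.split("/")[0])
    if host != net.network_address:
        return [f"{role} {text} has host bits set; after masking it matches {net} "
                f"(write {net.network_address}/{net.prefixlen} for the network, or /32 for one host)"]
    return []


def lint_rdr(rule):
    """Return findings for one ipnat rdr rule (empty list means no issue found)."""
    m = RDR_RE.match(rule.strip())
    if not m:
        return ["unparsed rdr rule"]
    ext = m.group("ext")
    findings = check_prefix(ext, "rdr address")
    if ipaddress.ip_network(ext, strict=False).prefixlen < 32:
        findings.append("rdr address covers a whole network, not the single external IP (use /32)")
    if not m.group("proto"):
        findings.append("port rdr has no trailing protocol; add tcp")
    return findings


def lint_pass(rule):
    """Return findings for one ipf pass rule: source and destination masks are checked."""
    m = PASS_RE.match(rule.strip())
    if not m:
        return ["unparsed pass rule"]
    return check_prefix(m.group("src"), "source") + check_prefix(m.group("dst"), "destination")


if __name__ == "__main__":
    # The original rules from the thread, then the corrected ones from the reply.
    for r in ("rdr xl1 222.222.222.194/26 port 25 -> 10.0.1.10 port 25",
              "rdr xl1 222.222.222.194/32 port 25 -> 10.0.1.10 port 25 tcp"):
        print(r, lint_rdr(r))
```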
