You're over-complicating stuff. Just set your reply-to header to your email address, and send it to a mailserver on the gateway box.
Basically, to use masquerading, read the IP-MASQ mini-howto (zless /usr/doc/HOWTO/mini/IP-Masq*gz) and compile the options listed into your kernel. If you use 2.1.125 this uses IPchains, the IPchains howto is in /usr/doc/netbase/ or something, i've made a firewalling/masquerading script that handles dynamic interface ips etc. and put it at www.spoons.gen.nz/firewall-2/, there is also a IPchains patch in there for 2.0 series kernels. Also, use fetchmail to get mail from your provider. James Spooner - [EMAIL PROTECTED] ----------------------------------- I mess with computers. On Sun, 11 Oct 1998, Jens Hellmerichs-Friedrich wrote: > Hi, > > RTFM about masquerading: > man ipfwadm > .... > -m Masquerade packets accepted for forwarding. When > this option is set, packets accepted by this rule > will be masqueraded as if they originated from the > local host. Furthermore, reverse packets will be > recognized as such and they will be demasqueraded > automatically, bypassing the forwarding firewall. > This option is only valid in forwarding firewall > rules with policy accept (or when specifying accept > as default policy) and can only be used when the > kernel is compiled with CONFIG_IP_MASQUERADE > defined. > .... > man ipfw > .... > This paragraph describes the way a packet goes through the > firewall and accounting rules. Packets received via one > of the local network interface will pass the following > sets of rules: > accounting (incoming device) > input firewall (incoming device) > Here, the device (network interface) that is used when > trying to match a rule with an IP packet is listed between > brackets. After this step, a packet will optionally be > redirected to a local socket. When a packet has to be > forwarded to a remote host, it will also pass the next set > of rules: > forwarding firewall (outgoing device) > After this step, a packet will optionally be masqueraded. > Responses to masqueraded packets will never pass the for� > warding firewall (but they will pass both the input and > output firewalls). All packets sent via one of the local > network interfaces, either locally generated or being for� > warded, will pass the following sets of rules: > output firewall (outgoing device) > accounting (outgoing device) > Note that masqueraded packets will pass the output fire� > wall and accounting rules with the new packet headers > (after passing the input and forwarding firewall with the > original headers). Also, responses to masqueraded packets > will have different headers when passing the input and > output firewall rules. > .... > > Now, i want to setup masquerading with this topology: > > Provider (ISP-IP) <---> FW/MASQU (FW-IP) <---> INTERNAL (OWN-IP) > > Consider sending mail from OWN-IP to ISP-IP with masquerading: > The firewall will use IP-Headers: > incoming: OWN-IP > forward : OWN-IP > outgoing: FW-IP (masqueraded, uses temp. port) > and responses will use: > incoming: FW-IP (temp. port) > outgoing: OWN-IP > without forwarding. > > This leads to the following: > > - in order to masquerade the packets, they must be accepted for forwarding > with original IP-Header. > - outgoing IP-Headers are using FW-IP on temporary port > > =>in order to use masquerading, i have to allow the > temporary used "masquade-ports" on the firewall in incoming direction! > > What about e.g. incoming mail ? > > The ISP only knows the (masqueraded) FW-IP as a reachable host. So the get > incoming mail working, IP-Redirection has to be used, to connect the > incoming SMTP-connection to the mailhost. > > Result: > 1) I don�t want to allow any connection with destination adress > of my firewall > 2) IP-Redirection is in alpha/beta yet (?), so i don�t want to > use this too, > 3) In order to use masquerading, i have to use a dedicated masquerading > host, e.g. with the following topology: > > Provider (ISP-IP) <---> FW (FW-IP) <---> MASQU (MQ-IP) <---> INTERNAL (OWN-IP) > > Any suggestions for this scenario ? > Is my interpretation correct ? > How do you setup masquerading ? > > -- > MfG > Jens Hellmerichs-Friedrich > > http://www.fen.baynet.de/jens.hellmerichs-friedrich > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
