RE: port forwarding and ip-less firewall
Really hard to help you when you do not post what firewall you are using and the nat rules you are using. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Edison Cala Sent: Wednesday, February 25, 2004 4:20 AM To: [EMAIL PROTECTED] Subject: port forwarding and ip-less firewall hello list! i want to ask some help on port forwarding in a bridge-firewall network. our network setup is: 1. the router is outside the firewall, direct to the internet. 2. the bridge-firewall computer (2 ethernet cards installed, eth0 - outside (router), eth1 - protected network) is between the router and the protected network. all the servers are behind the firewall and only opened the allowed ports. i have 2 mail servers (unit1.domain.com and unit2.domain.com) running on the protected network, unit1.domain.com is just an smtp relay for unit2.domain.com and its working fine. however, i want to put a rule (port forward) in firewall to forward request destined to unit2.domain.com (port 25), but that request should be first passed to unit1.domain.com (for antispam processing) before unit2. unit1 should then be the one to forward the request to unit2.domain.com. why i want to do this is that, some mails are getting through and received at unit2 without passing to unit1. in mx, unit1 is the 1st prio and unit2 is 2nd prio only. please help and give an idea on port forwarding rules between two servers within the protected network. thank you! edison cala ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: port forwarding and ip-less firewall
On Wed, Feb 25, 2004 at 05:19:35PM +0800, Edison Cala wrote: hello list! i want to ask some help on port forwarding in a bridge-firewall network. our network setup is: 1. the router is outside the firewall, direct to the internet. 2. the bridge-firewall computer (2 ethernet cards installed, eth0 - outside (router), eth1 - protected network) is between the router and the protected network. all the servers are behind the firewall and only opened the allowed ports. i have 2 mail servers (unit1.domain.com and unit2.domain.com) running on the protected network, unit1.domain.com is just an smtp relay for unit2.domain.com and its working fine. however, i want to put a rule (port forward) in firewall to forward request destined to unit2.domain.com (port 25), but that request should be first passed to unit1.domain.com (for antispam processing) before unit2. unit1 should then be the one to forward the request to unit2.domain.com. why i want to do this is that, some mails are getting through and received at unit2 without passing to unit1. in mx, unit1 is the 1st prio and unit2 is 2nd prio only. please help and give an idea on port forwarding rules between two servers within the protected network. thank you! edison cala I think this would normally be handled using a 'fwd' rule (man ipfw), but the manpage specifically states: A fwd rule will not match layer-2 packets (those received on ether_input, ether_output, or bridged). So, I'm not sure how you could implement this when using ipfw on a bridged interface. Nathan -- gpg --keyserver pgp.mit.edu --recv-keys D8527E49 pgp0.pgp Description: PGP signature
RE: port forwarding and IP-less firewall
hello again list! my firewall is setup in freebsd 4.5 and had not implemented nat. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]