
rdr smtp packets?



Hello,

Ok, packets are going through my OBSD 2.7 box fine, with the exception of smtp. Current setup is:

ipf.rules

<snip>
pass in quick on ep0 proto tcp from 192.168.1.0/24 port > 29999 to x.x.x.x port 25 flags S keep state
<snip>


ipnat.rules

rdr ep0 ep0/32 port 25 -> 164.5.5.83 port 25 tcp
map ep0 x.x.x.x/24 -> ep0/32 portmap tcp/udp 20000:65000
map ep0 x.x.x.x/24 -> ep0/32
map ep0 mailserver_ipmask/24 -> ep0/32 portmap tcp/udp 30000:65000
map ep0 mailserver_ipmask/24 -> ep0/32

When logged into my router I can telnet to the external card on the firewall port 25 and it passes right to the mail server no problem. When I try telnetting to the serial ip on the router on port 25 it times out. Watching the debug on the router, it looks like the router is trying to pass the packet right, but the firewall isn't taking it (at the time I wasn't logging it). Probably because ipf & ipnat are set to take it from a 192.168 address, and mail packets are actually coming in from various ip addresses, so I need to change this so I can accept incoming mail from any ip address. This is what I've done...

ipf.rules

<snip>
pass in quick on ep0 proto tcp from any port > 54999 to x.x.x.x port 25 flags S keep state
<snip>


ipnat.rules

rdr ep0 0/32 port 25 -> 164.5.5.83 port 25 tcp
map ep0 x.x.x.x/24 -> ep0/32 portmap tcp/udp 10000:55000
map ep0 x.x.x.x/24 -> ep0/32
map ep0 mailserver_ipmask/24 -> ep0/32 portmap tcp/udp 55000:65000
map ep0 mailserver_ipmask/24 -> ep0/32

I'm timing out with the above trying to telnet into the serial_ip port 25, also telnetting off of the router to port 25.
I was thinking that changing the ep0 to 0 in the rdr statement and passing from any in ipf.rules would make it pass the smtp packets regardless of where they came from; apparently not. Could someone please tell me what I've overlooked or point me to a link for this? I've been searching the archives and dejanews with no success so far.



thanks in advance, Will


