ipfw configuration to intercept SMTP traffic

Christian Hiris 4711 at chello.at
Sun Oct 31 14:49:14 PST 2004

Hash: SHA1

On Sunday 31 October 2004 21:39, Bill Eccles wrote:
> Gentleones,
> I have a commercial website/mail product running on a box. Unfortunately,
> the product is not so smart and when it needs to bounce something, it
> ignores the SMTP "Always Relay Via" setting and attempts to connect
> directly to the mail exchanger for the domain it's bouncing to.
> So what I figure I can do is redirect port 25 of "me" to any to port 25 of
> the upstream server at aa.bb.cc.dd. That makes sense, right? So I'd
> probably use:

You mean redirect [from me to any destination-port 25] to upstream server 
aa.bb.cc.dd port 25?  

> ipfw add 8000 divert 25 all from me to aa.bb.cc.dd via en0

Your rule seems to be wrong. It uses port 25 to setup the divert-socket, and 
matches all source-ports. The divert-socket default-port is 8668 (natd).  

ipfw add 8000 divert natd all from me to any 25 via en0 

Are you running natd on your machine? Natd reads/writes the packets from/to 
the divert-socket and changes IP-address and portnumber as defined by natd 
options or in your natd.conf file. In your case I would run natd with the 
option '-proxy_rule port 25 server aa.bb.cc.dd:25'. 
Natd-setup is documented in 'man 8 natd'. 


- -- 
Christian Hiris <4711 at chello.at> | OpenPGP KeyID 0x3BCA53BE 
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
Version: GnuPG v1.2.6 (FreeBSD)


More information about the freebsd-questions mailing list