NetBSD-Users archive


ipnat redirect to external address



Hi,

I have the following problem:

There are two networks, 192.168.0.0/24 and 192.168.1.0/24. And we have a
mail server running at a public address A.B.C.D, which only accepts mail
via port 587 from 192.168.0.0/24.

The 192.168.1 network is attached via VPN to 192.168.0 and would connect to
the mail server A.B.C.D via the public internet, which we do not allow for
port 587.

Now I'm trying to use a machine in the 192.168.0 net to forward SMTP
connections from the 192.168.1 net. So I have enabled ipnat on 192.168.0.2
with the following rule (re0 is 192.168.0.2):

rdr re0 0/0 port 5587 -> A.B.C.D port 587 tcp

Testing the connection with "telnet 192.168.0.2 5587" from 192.168.1.220
immediately terminates with "Connection refused", although it works when
doing "telnet A.B.C.D 587" on 192.168.0.2.

ipnat -l shows the active session, though:

List of active MAP/Redirect filters:
rdr re0 0/0 port 5587 -> A.B.C.D/32 port 587 tcp
List of active sessions:
RDR A.B.C.D    587   <- -> 192.168.0.2     5587  [192.168.1.220 59966]

I guess that "rdr" only works in the same network? When trying to redirect
to a machine in the 192.168.0 net, instead of an external IP address, it
connects.

Is there any way to accomplish that? What can I do?
Thanks in advance.

-- 
Frank Wille


