Date: Tue, 16 Nov 2004 18:49:47 +0300
From: Odhiambo Washington <wash@wananchi.com>
To: freebsd-questions@freebsd.org
Subject: IPF+IPNAT and port redirection
Message-ID: <20041116154947.GN68837@ns2.wananchi.com>

I have a FreeBSD router box running IPF/IPNAT. With the advent of viruses
that have their own SMTP engines, I would like to capture any traffic going
out from the internal LAN to port 25 and redirect it to port 25 of my router.
I believe this is the equivalent of "reverse port mapping", if I can call it
that.

How do I redirect this using ipnat?

Right now I have the following in my /etc/ipnat.rules:

    map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
    map rl0 10.0.0.0/24 -> 0.0.0.0/32
    ....

rl0 being my oif, and xl0 being iif.

Given that my iip is 10.0.0.2, I would like to do this:

    rdr xl0 0.0.0.0/24 port 25 -> 10.0.0.2 port 25

The problem is 10.0.0.2 is a subset of 0.0.0.0/24. Shall I redirect then to
the external IP instead?

I am damn confused with this IPNAT stuff ;)

-Wash

http://www.netmeister.org/news/learn2quote.html

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wash@wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+
The fact that it works is immaterial.
		-- L. Ogborn
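An added example, not part of the original message: a small Python model of which outbound packets the destination match in an `rdr` rule of the form quoted above would select, comparing the `/24` written in the message with a `/0` match. It assumes the simplified matching model of interface, destination address within address/mask, and destination port; the function names and sample packets are constructed for illustration.

```python
import ipaddress
import re

# Simple "rdr" form as written in the message:
#   rdr <ifname> <addr>/<bits> port <n> -> <addr> port <n>
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<net>\d+\.\d+\.\d+\.\d+/\d+)\s+port\s+(?P<dport>\d+)"
    r"\s*->\s*(?P<to>\d+\.\d+\.\d+\.\d+)\s+port\s+(?P<toport>\d+)\s*$"
)


def parse_rdr(rule):
    """Parse one simple rdr rule into a dict; raise ValueError for other forms."""
    m = RDR_RE.match(rule.strip())
    if not m:
        raise ValueError("unsupported rule form: %r" % rule)
    return {
        "ifname": m["ifname"],
        # strict=True rejects a match network with host bits set (e.g. 10.0.0.2/24)
        "net": ipaddress.ip_network(m["net"], strict=True),
        "dport": int(m["dport"]),
        "to": (str(ipaddress.ip_address(m["to"])), int(m["toport"])),
    }


def redirect_target(rule, ifname, dst, dport):
    """Return the (ip, port) a packet would be rewritten to, or None if no match."""
    r = parse_rdr(rule)
    if ifname != r["ifname"] or dport != r["dport"]:
        return None
    if ipaddress.ip_address(dst) not in r["net"]:
        return None
    return r["to"]


RULE_24 = "rdr xl0 0.0.0.0/24 port 25 -> 10.0.0.2 port 25"  # as in the message
RULE_0 = "rdr xl0 0.0.0.0/0 port 25 -> 10.0.0.2 port 25"    # same rule, /0 match

# Constructed sample packets: (arrival interface, destination IP, destination port)
SAMPLES = [("xl0", "192.0.2.25", 25), ("xl0", "10.0.0.2", 25),
           ("xl0", "0.0.0.7", 25), ("xl0", "192.0.2.25", 80),
           ("rl0", "192.0.2.25", 25)]

if __name__ == "__main__":
    for name, rule in (("/24", RULE_24), ("/0", RULE_0)):
        for pkt in SAMPLES:
            print(name, pkt, "->", redirect_target(rule, *pkt))
```

In this model the `/24` form only matches destinations 0.0.0.0 through 0.0.0.255, while the `/0` form matches every port-25 destination arriving on xl0, including 10.0.0.2 itself, which is simply rewritten to the same address and port.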