Date: Tue, 16 Nov 2004 13:54:38 +0000
From: Luciano Musacchio <l0kit0@exactas.org>
To: Odhiambo Washington <wash@wananchi.com>, freebsd-questions@freebsd.org
Subject: Re: IPF+IPNAT and port redirection
Message-ID: <200411161354.39537.l0kit0@exactas.org>
In-Reply-To: <20041116154947.GN68837@ns2.wananchi.com>
References: <20041116154947.GN68837@ns2.wananchi.com>
Odhiambo,

it seems to me that 0/24 is not correct; a dynamic inet address should be referred to as 0/32. I would do something like this:

rdr <int_if> 0.0.0.0/32 port 25 -> 10.0.0.2 port 25
map <out_if> from 10.0.0.0/24 ! to 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map <out_if> from 10.0.0.0/24 ! to 10.0.0.0/24 -> 0/32

It's just an idea, I'm new to this too :), but see the negated rules: they allow you to make connections within the internal network. Your way, all packets are sent away to the inet with a private IP destination, and of course the first router they find will drop it.

Good luck

On Tuesday 16 November 2004 15:49, Odhiambo Washington wrote:
> I have a FreeBSD router box running IPF/IPNAT.
> With the advent of viruses that have their own SMTP engines,
> I would like to capture any traffic going out from the internal LAN
> to port 25 and redirect it to port 25 of my router.
> I believe this is the equivalent of "reverse port mapping", if
> I can call it that.
> How do I redirect this using ipnat?
> Right now I have the following in my /etc/ipnat.rules:
>
> map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
> map rl0 10.0.0.0/24 -> 0.0.0.0/32
>
> .... rl0 being my oif, and xl0 being iif.
>
> Given that my iip is 10.0.0.2, I would like to do this:
>
> rdr xl0 0.0.0.0/24 port 25 -> 10.0.0.2 port 25
>
> The problem is 10.0.0.2 is a subset of 0.0.0.0/24. Shall I redirect then
> to the external IP instead?
>
> I am damn confused with this IPNAT stuff ;)
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> --
> +======================================================================+
> |\      _,,,---,,_         | Odhiambo Washington    <wash@wananchi.com>
> Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
> |,4-  ) )-,_. ,\ (  `'-'   | Tel: +254 20 313985-9  +254 20 313922
> '---''(_/--'  `-'\_)       | GSM: +254 722 743223   +254 733 744121
> +======================================================================+
> The fact that it works is immaterial.
> -- L. Ogborn
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
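An added example that is not from either message in the thread: a small Python model of how an ipnat rdr rule's address/mask selects which destinations get pulled back to the router, so the effect of 0.0.0.0/24 versus 0.0.0.0/32 can be checked without a FreeBSD box. The parser and the mask check are my own assumptions about ipnat matching (mask applied to the packet's destination address); the interface names, ports and 10.0.0.2 come from the thread, and 0.0.0.0/0 is included as the catch-all case that neither message uses.

```python
import ipaddress

# Constructed model (not from the thread) of how an ipnat "rdr" rule selects
# packets: the rule's addr/mask is applied to the packet's destination, so
# 0.0.0.0/24 covers only 0.0.0.0-0.0.0.255, 0.0.0.0/32 only 0.0.0.0, and
# 0.0.0.0/0 every destination. Interface names and ports follow the thread.

def parse_rdr(rule: str) -> dict:
    """Parse 'rdr <if> <addr/mask> port <n> -> <addr> port <n> [proto]'."""
    tok = rule.split()
    if len(tok) < 9 or tok[0] != "rdr" or tok[3] != "port" \
            or tok[5] != "->" or tok[7] != "port":
        raise ValueError(f"unsupported rdr syntax: {rule!r}")
    return {
        "ifname": tok[1],
        "match": ipaddress.ip_network(tok[2], strict=False),
        "port": int(tok[4]),
        "to_addr": ipaddress.ip_address(tok[6]),
        "to_port": int(tok[8]),
        "proto": tok[9] if len(tok) > 9 else "tcp/udp",  # assumed default
    }

def rdr_matches(rule: dict, ifname: str, dst: str, dport: int,
                proto: str = "tcp") -> bool:
    """True if a packet entering on ifname toward dst:dport hits the rule."""
    if ifname != rule["ifname"] or dport != rule["port"]:
        return False
    if rule["proto"] != "tcp/udp" and proto != rule["proto"]:
        return False
    return ipaddress.ip_address(dst) in rule["match"]

# Constructed sample of destinations a LAN host (or a worm with its own SMTP
# engine) might try to deliver mail to; the router only intercepts those the
# rule's mask actually covers.
SAMPLE_DESTS = ["203.0.113.10", "198.51.100.25", "192.0.2.17", "0.0.0.200"]

def caught(rule_text: str, dests=SAMPLE_DESTS) -> list:
    """Return the destinations a rule would redirect to the router."""
    rule = parse_rdr(rule_text)
    return [d for d in dests
            if rdr_matches(rule, rule["ifname"], d, rule["port"])]

if __name__ == "__main__":
    for r in ("rdr xl0 0.0.0.0/24 port 25 -> 10.0.0.2 port 25",
              "rdr xl0 0.0.0.0/32 port 25 -> 10.0.0.2 port 25",
              "rdr xl0 0.0.0.0/0 port 25 -> 10.0.0.2 port 25 tcp"):
        print(f"{r}\n  -> catches {caught(r)}")
```

Only the /0 rule intercepts the realistic destinations; the /24 form catches just the 0.0.0.x addresses and the /32 form nothing at all.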
