From: Luciano Musacchio
Organization: eXactas.org
To: Odhiambo Washington, freebsd-questions@freebsd.org
Date: Tue, 16 Nov 2004 13:54:38 +0000
Subject: Re: IPF+IPNAT and port redirection
In-Reply-To: <20041116154947.GN68837@ns2.wananchi.com>
Message-Id: <200411161354.39537.l0kit0@exactas.org>

Odhiambo,

It seems to me that 0/24 is not correct; a dynamic inet address should be referred to as 0/32. I would do something like this:

rdr 0.0.0.0/32 port 25 -> 10.0.0.2 port 25
map from 10.0.0.0/24 ! to 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map from 10.0.0.0/24 ! to 10.0.0.0/24 -> 0/32

It's just an idea, I'm new to this too :), but see the negated rules: they allow you to make connections within the internal network. Your way, all packets are sent away to the inet with a private IP destination, and of course the first router they find will drop them.

Good luck

On Tuesday 16 November 2004 15:49, Odhiambo Washington wrote:
> I have a FreeBSD router box running IPF/IPNAT.
> With the advent of viruses that have their own SMTP engines,
> I would like to capture any traffic going out from the internal LAN
> to port 25 and redirect it to port 25 of my router.
> I believe this is the equivalent of "reverse port mapping", if
> I can call it that.
> How do I redirect this using ipnat?
> Right now I have the following in my /etc/ipnat.rules:
>
> map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
> map rl0 10.0.0.0/24 -> 0.0.0.0/32
>
> .... rl0 being my oif, and xl0 being iif.
>
> Given that my iip is 10.0.0.2, I would like to do this:
>
> rdr xl0 0.0.0.0/24 port 25 -> 10.0.0.2 port 25
>
> The problem is 10.0.0.2 is a subset of 0.0.0.0/24. Shall I redirect then
> to the external IP instead?
>
> I am damn confused with this IPNAT stuff ;)
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> --
> Odhiambo Washington
> Wananchi Online Ltd. www.wananchi.com
> Tel: +254 20 313985-9 +254 20 313922
> GSM: +254 722 743223 +254 733 744121
>
> The fact that it works is immaterial.
> -- L. Ogborn
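For reference, here is a complete /etc/ipnat.rules for the setup Odhiambo describes (outbound SMTP from the LAN forced through the router's own MTA), written as an added example in the form documented in ipnat.conf(5); it is not a rule set posted by either participant. It assumes xl0 is the inside interface, rl0 the outside interface, the LAN is 10.0.0.0/24 and the router's inside address is 10.0.0.2, all taken from the thread.

```conf
# /etc/ipnat.rules -- added example, not from the thread.
# Assumed from the thread: xl0 = inside interface (iif), rl0 = outside
# interface (oif), LAN = 10.0.0.0/24, router inside address = 10.0.0.2.
# ipnat applies the first rdr/map rule that matches, so order matters.

# Catch SMTP leaving the LAN as it enters the router on xl0 and hand it to
# the router's own MTA. 0.0.0.0/0 means "any destination", so a host that
# was already talking to 10.0.0.2:25 is rewritten to the same place, which
# is harmless. Only TCP is rewritten. An MTA must be listening on
# 10.0.0.2:25 and willing to relay for 10.0.0.0/24, and the ipf rule set
# must pass the rewritten packets; otherwise LAN mail simply stops.
rdr xl0 0.0.0.0/0 port 25 -> 10.0.0.2 port 25 tcp

# Ordinary outbound NAT on the outside interface. 0/32 is ipnat's shorthand
# for "the address rl0 currently holds", which is what a dynamic (PPP/DHCP)
# link needs. The portmap line handles TCP/UDP; the second line covers
# everything else (ICMP and so on).
map rl0 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map rl0 10.0.0.0/24 -> 0/32
```

Reload with `ipnat -CF -f /etc/ipnat.rules` and confirm the active rules with `ipnat -l`; from a LAN host, a telnet to any external address on port 25 should then reach the router's MTA banner.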