From owner-freebsd-security Thu Jun 29 11: 9:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from drawbridge.ctc.com (drawbridge.ctc.com [147.160.99.35]) by hub.freebsd.org (Postfix) with ESMTP id 3972C37B9AC for ; Thu, 29 Jun 2000 11:09:30 -0700 (PDT) (envelope-from cameron@ctc.com)
Received: from server2.ctc.com (server2.ctc.com [147.160.1.4]) by drawbridge.ctc.com (8.10.1/8.10.1) with ESMTP id e5TI9P102077; Thu, 29 Jun 2000 14:09:26 -0400 (EDT)
Received: from ctcjst-mail1.ctc.com (ctcjst-mail1.ctc.com [147.160.34.4]) by server2.ctc.com (8.9.3/8.9.3) with ESMTP id OAA27538; Thu, 29 Jun 2000 14:09:18 -0400 (EDT)
Received: by ctcjst-mail1.ctc.com with Internet Mail Service (5.5.2650.21) id ; Thu, 29 Jun 2000 14:10:19 -0400
Message-ID:
From: "Cameron, Frank"
To: "'Michael Lucas'"
Cc: "'freebsd-security@FreeBSD.ORG'"
Subject: RE: ipfilter & pptp & freebsd
Date: Thu, 29 Jun 2000 14:10:11 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

What about trying a one-to-one mapping like,

bimap fxp1 192.168.1.105 -> a.b.c.2/32

instead of the rdr rules?
(http://www.obfuscation.org/ipf/ipf-howto.html#TOC_28)

-frank

> -----Original Message-----
> From: Michael Lucas [SMTP:mwlucas@blackhelicopters.org]
> Sent: Thursday, June 29, 2000 1:40 PM
> To: freebsd-security@FreeBSD.ORG
> Subject: ipfilter & pptp & freebsd
>
> My ipnat.conf looks like:
>
> #then the general NAT for the office
> #first, pptp
> rdr fxp1 a.b.c.2/32 port 0 -> 192.168.1.105 port 0 gre
> rdr fxp1 a.b.c.2/32 port 1723 -> 192.168.1.105 port 1723 tcpudp
>
> #then regular networking
> map fxp1 192.168.1.1/24 -> a.b.c.2/32 proxy port ftp ftp/tcp
> map fxp1 192.168.1.1/24 -> a.b.c.2/32 portmap tcp/udp 10000:40000
> #finally, allow any any outgoing protocol
> map fxp1 192.168.1.0/24 -> a.b.c.2/32
>
> rdr fxp1 a.b.c.2/32 port 21 -> 192.168.1.254 port 21
> ...
> plus a bunch more "redirect this for incoming services"...