Date: Thu, 29 Jun 2000 14:10:11 -0400 From: "Cameron, Frank" <cameron@ctc.com> To: "'Michael Lucas'" <mwlucas@blackhelicopters.org> Cc: "'freebsd-security@FreeBSD.ORG'" <freebsd-security@FreeBSD.ORG> Subject: RE: ipfilter & pptp & freebsd Message-ID: <E41DD2A84F21D411B567009027B0FD886C2A9D@ctcjst-mail1.ctc.com>
next in thread | raw e-mail | index | archive | help
What about trying a one-to-one mapping like, bimap fxp1 192.168.1.105 -> a.b.c.2/32 instead of the rdr rules? (http://www.obfuscation.org/ipf/ipf-howto.html#TOC_28) -frank > -----Original Message----- > From: Michael Lucas [SMTP:mwlucas@blackhelicopters.org] > Sent: Thursday, June 29, 2000 1:40 PM > To: freebsd-security@FreeBSD.ORG > Subject: ipfilter & pptp & freebsd > > My ipnat.conf looks like: > > #then the general NAT for the office > #first, pptp > rdr fxp1 a.b.c.2/32 port 0 -> 192.168.1.105 port 0 gre > rdr fxp1 a.b.c.2/32 port 1723 -> 192.168.1.105 port 1723 tcpudp > > #then regular networking > map fxp1 192.168.1.1/24 -> a.b.c.2/32 proxy port ftp ftp/tcp > map fxp1 192.168.1.1/24 -> a.b.c.2/32 portmap tcp/udp 10000:40000 > #finally, allow any any outgoing protocol > map fxp1 192.168.1.0/24 -> a.b.c.2/32 > > rdr fxp1 a.b.c.2/32 port 21 -> 192.168.1.254 port 21 > ... plus a bunch more "redirect this for incoming services"... > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E41DD2A84F21D411B567009027B0FD886C2A9D>