From: ck
Date: Fri, 23 Feb 2007 05:28:26 +0200
To: freebsd-questions@freebsd.org
Subject: replacing port in outgoing packets to any host
Message-ID: <45DE5F5A.5010707@yourserveradmin.com>

Hello, participants!

In a constant effort to prevent trojans from sending spam, the following question came to my mind.
Is there any way to replace the port number for all outgoing packets?

Long version: I want to block outgoing port 25 completely for the network behind the NAT router and allow port 8025, for example. But it means that the router will have to replace outgoing port 8025 with port 25. After intensive googling it looks like my idea is... well... not popular. So, I just wonder if this is possible at all? Something like this:

    rdr any to any port 8025 -> any port 25

PS Yes, I know that I can redirect the port to an open relay on a known static IP.

Thanks!