Date: Mon, 1 Nov 2004 08:27:50 -0800
From: Aaron Nichols <adnichols@gmail.com>
To: Bill Eccles <bill.lists@eccles.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw configuration to intercept SMTP traffic
Message-ID: <ac05538404110108274e8e4445@mail.gmail.com>
In-Reply-To: <ac0553840411010822650f4ed0@mail.gmail.com>
References: <200410312349.08193.4711@chello.at>
 <BDAAF00E.10E7%Bill.lists@Eccles.net>
 <ac0553840411010822650f4ed0@mail.gmail.com>

> I believe you'll have one additional problem to resolve. Even if you
> successfully modify the destination IP address and get it pointed to
> the upstream server, the source IP will be unmodified and will still
> be the originator. Since the source IP is unmodified - the upstream
> mail server will send an ACK back to the originator's IP (not yours)
> which will most likely get discarded and the connection will fail.
> Most sane TCP/IP stacks will reject an ACK from an IP address to which
> it did not send a request. Since the ACK is not going to run back
> through your host (thus allowing natd another go at reversing the
> translation) this likely won't work.

Sorry all - I had missed the post regarding use of the -proxy_rule
option, which may address this issue. Didn't mean to further confuse
the issue.

Aaron