Date: Thu, 8 May 2008 01:20:27 -0700
From: Jeremy Chadwick <koitsu@freebsd.org>
To: Jille <jille@quis.cx>
Cc: CZUCZY Gergely <gergely.czuczy@harmless.hu>, freebsd-pf@freebsd.org
Subject: Re: iptables rule in pf
Message-ID: <20080508082027.GA98876@eos.sc1.parodius.com>
In-Reply-To: <4822B6CC.1080502@quis.cx>
References: <48222786.3050400@samoylyk.sumy.ua> <20080508085234.2cac29ca@twoflower.in.publishing.hu> <4822B459.6090307@samoylyk.sumy.ua> <20080508101252.4d25b9eb@twoflower.in.publishing.hu> <4822B6CC.1080502@quis.cx>

On Thu, May 08, 2008 at 10:16:12AM +0200, Jille wrote:
>>>>> iptables -t nat -A PREROUTING -i ethX -p tcp --dport 2525 -j DNAT
>>>>> --to-destination :25
>>>>>
>>>> rdr on $interface proto tcp from any to port 2525 ->
>>>> <the_destionation_you_have_omitted> port 25
>>>>
>>> I meant _any_ destination with 25 port.
>>>
>>> That iptables rule worked for any destination.
>>>
>> You cannot rewrite a packet's destination address to _any_ destination.
>>
>> It's like you cannot submit a package at the post office with the destination
>> address "any". It's just meaningless.
>>
> I think he only wants to 'change' the port-number, and not touch the
> destination address.
> You could try:
>
> rdr on $interface proto tcp from any to port 2525 -> port 25
>
> But that's a wild guess (I'm *not* sure)

He'll need to specify an IP address for the redirection destination,
e.g.:

rdr on $interface proto tcp from any to port 2525 -> 127.0.0.1 port 25

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
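
An added example, not part of the original message: a pf.conf fragment in the rdr syntax used in this thread, showing what the suggested rule catches and the filter rule it then needs. The macro name ext_if and the interface name em0 are assumptions.

```conf
# Assumed macro and interface name; substitute the real external interface.
ext_if = "em0"

# --- translation rules (these must come before the filter rules) ---

# Variant A: the rule from the reply, with "to any" written out.
# It matches TCP port 2525 for ANY destination address seen on $ext_if.
# On a router this includes connections addressed to other hosts, and
# all of them end up at the local service on 127.0.0.1:25, because the
# destination address is rewritten along with the port.
#rdr on $ext_if inet proto tcp from any to any port 2525 -> 127.0.0.1 port 25

# Variant B: narrower scope. Only connections addressed to this machine's
# own address on $ext_if are redirected; traffic to other hosts on
# port 2525 is left alone.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 2525 -> 127.0.0.1 port 25

# --- filter rules ---

block in on $ext_if all

# rdr is applied before filtering, so the filter rule has to match the
# translated destination (127.0.0.1 port 25), not the original port 2525.
pass in on $ext_if inet proto tcp from any to 127.0.0.1 port 25 flags S/SA keep state

# Checks after editing:
#   pfctl -nf /etc/pf.conf   parse the ruleset without loading it
#   pfctl -s nat             list the loaded translation rules
```

With either variant the destination address is rewritten to 127.0.0.1, which differs from the iptables rule quoted above, where only the port changes and the original destination address is kept.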