Date: Tue, 16 Nov 2004 13:54:38 +0000
From: Luciano Musacchio <l0kit0@exactas.org>
To: Odhiambo Washington <wash@wananchi.com>, freebsd-questions@freebsd.org
Subject: Re: IPF+IPNAT and port redirection
Message-ID: <200411161354.39537.l0kit0@exactas.org>
In-Reply-To: <20041116154947.GN68837@ns2.wananchi.com>
References: <20041116154947.GN68837@ns2.wananchi.com>
Odhiambo, it seems to me that 0/24 is not correct; a dynamic inet address should be referred to as 0/32. I would do something like this:

rdr <int_if> 0.0.0.0/32 port 25 -> 10.0.0.2 port 25
map <out_if> from 10.0.0.0/24 ! to 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map <out_if> from 10.0.0.0/24 ! to 10.0.0.0/24 -> 0/32

It's just an idea, I'm new to this too :), but see the negated rules: they allow you to make connections within the internal network. Your way, all packets are sent away to the inet with a private IP destination, and of course the first router they find will drop them.

Good luck

On Tuesday 16 November 2004 15:49, Odhiambo Washington wrote:
> I have a FreeBSD router box running IPF/IPNAT.
> With the advent of Viruses that have their own SMTP engines,
> I would like to capture any traffic going out from internal LAN
> to port 25 and redirect those to port 25 of my router.
> I believe this is the equivalent of "reverse port mapping", if
> I can call it that.
> How do I redirect this using ipnat?
> Right now I have the following in my /etc/ipnat.rules:
>
> map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
> map rl0 10.0.0.0/24 -> 0.0.0.0/32
>
> .... rl0 being my oif, and xl0 being iif.
>
> Given that my iip is 10.0.0.2, I would like to do this:
>
> rdr xl0 0.0.0.0/24 port 25 -> 10.0.0.2 port 25
>
> The problem is 10.0.0.2 is a subset of 0.0.0.0/24. Shall I redirect then
> to the external IP instead?
>
> I am damn confused with these IPNAT stuff ;)
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> --
> +=========================================================================+
> |\      _,,,---,,_           | Odhiambo Washington <wash@wananchi.com>
> Zzz /,`.-'`'    -.  ;-;;,_  | Wananchi Online Ltd.   www.wananchi.com
>    |,4-  ) )-,_. ,\ (  `'-' | Tel: +254 20 313985-9  +254 20 313922
>   '---''(_/--'  `-'\_)      | GSM: +254 722 743223   +254 733 744121
> +=========================================================================+
> The fact that it works is immaterial.
> -- L. Ogborn
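Added example, not written by either poster: a small Python model of how an ipnat rdr rule selects packets by inbound interface, destination network and port, run over constructed LAN traffic so the three destination forms discussed in the thread (0.0.0.0/24, 0.0.0.0/32 and the catch-all 0.0.0.0/0 that ipnat.conf(5) uses in its transparent-redirect example) can be compared. The interface xl0 and the router address 10.0.0.2 are the thread's own; the LAN host 10.0.0.50 and the outside mail server 198.51.100.25 are constructed, and the matcher is a deliberate simplification, not ipnat's code.

```python
# Added example: simplified model of ipnat "rdr" destination matching.
# Not ipnat's code; it only reproduces the address/port selection step.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple, List


@dataclass(frozen=True)
class RdrRule:
    ifname: str            # interface the packet arrives on (the inside interface)
    dst_net: str           # destination network the packet must be addressed to
    dst_port: int          # destination port that must match
    new_dst: str           # rewritten destination address
    new_port: int          # rewritten destination port
    proto: str = "tcp"     # ipnat rdr rules default to tcp when no proto is given


@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def apply_rdr(rules: List[RdrRule], pkt: Packet) -> Optional[Tuple[str, int]]:
    """Return (new_dst, new_port) from the first matching rdr rule, else None."""
    for r in rules:
        if r.ifname != pkt.in_if or r.proto != pkt.proto or r.dst_port != pkt.dport:
            continue
        if ip_address(pkt.dst) in ip_network(r.dst_net, strict=False):
            return (r.new_dst, r.new_port)
    return None


# Constructed sample traffic arriving on the inside interface xl0 from a LAN
# host (10.0.0.50, constructed) whose SMTP engine talks to an outside mail
# server (198.51.100.25, constructed documentation address).
LAN_TO_INTERNET_SMTP = Packet("xl0", "10.0.0.50", "198.51.100.25", 25)
LAN_TO_ROUTER_SMTP = Packet("xl0", "10.0.0.50", "10.0.0.2", 25)
LAN_TO_INTERNET_HTTP = Packet("xl0", "10.0.0.50", "198.51.100.25", 80)

# The three candidate destination forms from the thread, each redirecting
# port 25 to the router's inside address 10.0.0.2.
RULE_SLASH24 = [RdrRule("xl0", "0.0.0.0/24", 25, "10.0.0.2", 25)]  # 0.0.0.0-0.0.0.255 only
RULE_SLASH32 = [RdrRule("xl0", "0.0.0.0/32", 25, "10.0.0.2", 25)]  # 0.0.0.0 only
RULE_ANY = [RdrRule("xl0", "0.0.0.0/0", 25, "10.0.0.2", 25)]        # every destination


def catches_outbound_smtp(rules: List[RdrRule]) -> bool:
    """True if LAN-originated SMTP to an outside host is redirected by these rules."""
    return apply_rdr(rules, LAN_TO_INTERNET_SMTP) == ("10.0.0.2", 25)


if __name__ == "__main__":
    for name, rules in (("0.0.0.0/24", RULE_SLASH24),
                        ("0.0.0.0/32", RULE_SLASH32),
                        ("0.0.0.0/0", RULE_ANY)):
        print(f"{name:12} redirects outside SMTP: {catches_outbound_smtp(rules)}")
```

Because the rule is bound to the inside interface, it only sees packets entering the router from the LAN, so the fact that 10.0.0.2 falls inside 0.0.0.0/0 does no harm: mail a LAN host sends to 10.0.0.2 directly is "redirected" to the address it already carried, and port 80 traffic is untouched. The router's own MTA still needs to listen on 10.0.0.2:25 and ipf needs to pass the redirected connections.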
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200411161354.39537.l0kit0>