From owner-freebsd-questions@FreeBSD.ORG Sun Feb 25 22:04:04 2007
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E468516A400 for ; Sun, 25 Feb 2007 22:04:04 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org)
Received: from mail5.sea5.speakeasy.net (mail5.sea5.speakeasy.net [69.17.117.7]) by mx1.freebsd.org (Postfix) with ESMTP id C0CDC13C442 for ; Sun, 25 Feb 2007 22:04:00 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org)
Received: (qmail 32246 invoked from network); 25 Feb 2007 22:04:00 -0000
Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail5.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 25 Feb 2007 22:04:00 -0000
Received: from Lowell-Desk.localdomain (Lowell-Desk.lan [172.30.250.6]) by be-well.ilk.org (Postfix) with ESMTP id E44CD28426; Sun, 25 Feb 2007 17:03:56 -0500 (EST)
Received: by Lowell-Desk.localdomain (Postfix, from userid 1147) id 9F7501CE6A; Sun, 25 Feb 2007 17:03:56 -0500 (EST)
To: ck
References: <45DE5F5A.5010707@yourserveradmin.com>
From: Lowell Gilbert
Date: Sun, 25 Feb 2007 17:03:56 -0500
In-Reply-To: <45DE5F5A.5010707@yourserveradmin.com> (ck@yourserveradmin.com's message of "Fri\, 23 Feb 2007 05\:28\:26 +0200")
Message-ID: <44vehpopwz.fsf@Lowell-Desk.lan>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.93 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: freebsd-questions@freebsd.org
Subject: Re: replacing port in outgoing packets to any host
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 25 Feb 2007 22:04:05 -0000

ck writes:

> Hello, participants!
>
> In constant effort to prevent trojans to send spam following question
> came to my mind.
>
> Is there any way to replace port number for all outgoing packets?
>
> Long version:
>
> I want to block outgoing port 25 completely for network behind NAT
> router and allow port 8025 for example. But it means that router will
> have to replace outgoing port 8025 with port 25. After intensive
> googling it looks like my idea is... well... not popular. So, I just
> wonder if this is possible at all? Something like this:

If it *were* popular, the spammers' viruses would be taught to use it.
None of these kinds of "solutions" are scalable.

> rdr any to any port 8025 -> any port 25
>
> PS Yes, I know that I can redirect port to open-relay on known static IP.

You can do something like that, but once you're going to that much
effort, it's a lot easier (*and* more effective) to just force
everyone to use an internal smarthost.
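
One way to enforce the internal-smarthost approach suggested in the reply, shown as a pf.conf fragment. This is an added example, not part of the original message. It assumes the NAT router runs pf (the thread does not say which packet filter is in use), and the interface name, LAN prefix and smarthost address are constructed placeholders.

```pf
# --- Macros (constructed placeholder values, adjust to the real network) ---
int_if    = "em1"             # LAN-facing interface of the NAT router
lan_net   = "192.168.1.0/24"  # clients behind the router
smarthost = "192.168.1.10"    # the only host allowed to speak SMTP outward

# --- Filter rules: place these ahead of the general "pass" rules ---

# The smarthost may open SMTP connections to the outside world.
pass in quick on $int_if inet proto tcp from $smarthost to any port 25 keep state

# Every other LAN host is refused on port 25 and the attempt is logged.
# "return" sends a TCP RST so legitimate but misconfigured clients fail
# immediately instead of hanging until a timeout.
block return in log quick on $int_if inet proto tcp from $lan_net to any port 25
```

Clients on the same subnet reach the smarthost directly, so their submissions never cross these rules. Logged blocks appear on pflog0 (`tcpdump -n -e -i pflog0`), and the source address of each hit is a LAN host worth checking for a spam-sending trojan.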