Date: Sun, 25 Feb 2007 17:03:56 -0500
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: ck <ck@yourserveradmin.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: replacing port in outgoing packets to any host
Message-ID: <44vehpopwz.fsf@Lowell-Desk.lan>
In-Reply-To: <45DE5F5A.5010707@yourserveradmin.com> (ck@yourserveradmin.com's message of "Fri, 23 Feb 2007 05:28:26 +0200")
References: <45DE5F5A.5010707@yourserveradmin.com>

ck <ck@yourserveradmin.com> writes:

> Hello, participants!
>
> In constant effort to prevent trojans to send spam following question
> came to my mind.
>
> Is there any way to replace port number for all outgoing packets?
>
> Long version:
>
> I want to block outgoing port 25 completely for network behind NAT
> router and allow port 8025 for example. But it means that router will
> have to replace outgoing port 8025 with port 25. After intensive
> googling it looks like my idea is... well... not popular. So, I just
> wonder if this is possible at all? Something like this:

If it *were* popular, the spammers' viruses would be taught to use
it. None of these kinds of "solutions" are scalable.

> rdr any to any port 8025 -> any port 25
>
> PS Yes, I know that I can redirect port to open-relay on known static IP.

You can do something like that, but once you're going to that much
effort, it's a lot easier (*and* more effective) to just force
everyone to use an internal smarthost.
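
The smarthost approach suggested in the reply, sketched as a pf.conf fragment. This is an added example, not part of the original message; it assumes the NAT router runs pf, and the interface names and addresses are constructed placeholders.

```pf
# Constructed example: interface names and addresses are assumptions.
ext_if    = "em0"              # outside interface (assumed)
int_if    = "em1"              # LAN-facing interface (assumed)
lan_net   = "192.168.1.0/24"   # network behind the NAT router (assumed)
smarthost = "192.168.1.10"     # internal mail relay (assumed)

set skip on lo0

# Translation: NAT the LAN out of the external interface.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Filtering: default deny, with logging.
block log all

# Only the smarthost may open SMTP connections through the router.
# Any other LAN host that tries port 25 is dropped and logged to pflog0.
# "quick" stops the pass rules below from overriding this match.
block in log quick on $int_if proto tcp from ! $smarthost to any port 25

# Clients reach the smarthost directly on the LAN, so that traffic
# never crosses the router and needs no rule here.
pass in  on $int_if from $lan_net to any keep state
pass out on $ext_if all keep state
```

Because the block rule logs, `tcpdump -n -e -ttt -i pflog0` on the router shows which internal hosts keep attempting direct SMTP, which makes them candidates for malware cleanup.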