ipfw configuration to intercept SMTP traffic

Bill Eccles Bill.lists at Eccles.net
Mon Nov 1 09:01:18 PST 2004


Actually, the original question contains the tidbit that the machine 
doing the serving is also the problem child, i.e., all of the traffic 
that I need to redirect is being produced on the same box from that 
box's SMTP server.

Thanks for the explanation, though. Low-level TCP stuff is not my 
forte... yet.

Bill

On Nov 1, 2004, at 11:27 AM, Aaron Nichols wrote:

>> I believe you'll have one additional problem to resolve. Even if you
>> successfully modify the destination IP address and get it pointed to
>> the upstream server, the source IP will be unmodified and will still
>> be the originator. Since the source IP is unmodified - the upstream
>> mail server will send an ACK back to the originator's IP (not yours)
>> which will most likely get discarded and the connection will fail.
>> Most sane TCP/IP stacks will reject an ACK from an IP address to which
>> it did not send a request. Since the ACK is not going to run back
>> through your host (thus allowing natd another go at reversing the
>> translation) this likely won't work.
>
> Sorry all - I had missed the post regarding use of the -proxy_rule
> option, which may address this issue.
>
> Didn't mean to further confuse the issue.
>
> Aaron
>


