IPF+IPNAT and port redirection
Odhiambo Washington
wash at wananchi.com
Tue Nov 16 07:49:57 PST 2004
I have a FreeBSD router box running IPF/IPNAT.

With the advent of viruses that have their own SMTP engines,
I would like to capture any traffic going out from the internal LAN
to port 25 and redirect it to port 25 of my router.
I believe this is the equivalent of "reverse port mapping", if
I can call it that.

How do I redirect this using ipnat?

Right now I have the following in my /etc/ipnat.rules:

    map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
    map rl0 10.0.0.0/24 -> 0.0.0.0/32

.... rl0 being my oif, and xl0 being iif.

Given that my iip is 10.0.0.2, I would like to do this:

    rdr xl0 0.0.0.0/24 port 25 -> 10.0.0.2 port 25

The problem is 10.0.0.2 is a subset of 0.0.0.0/24. Shall I redirect then
to the external IP instead?

I am damn confused with this IPNAT stuff ;)

-Wash
http://www.netmeister.org/news/learn2quote.html
--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington <wash at wananchi.com>
Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
|,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
'---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
+======================================================================+
The fact that it works is immaterial.
-- L. Ogborn
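
Added example, not part of the original post: an /etc/ipnat.rules that does the redirect asked about above, with the rule from the post kept as a comment for comparison. It assumes an MTA is listening on 10.0.0.2 port 25 and uses the interface names and addresses given in the post.

```conf
# /etc/ipnat.rules (added example; interface names and addresses are those
# given in the post, the MTA on 10.0.0.2:25 is an assumption)

# Outbound NAT on the external interface, unchanged from the post.
map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map rl0 10.0.0.0/24 -> 0.0.0.0/32

# Rule as written in the post. In an rdr rule the address after the
# interface name is the packet's *destination*, so 0.0.0.0/24 only matches
# mail sent to 0.0.0.0 - 0.0.0.255 and never catches outbound SMTP:
#
#   rdr xl0 0.0.0.0/24 port 25 -> 10.0.0.2 port 25

# Match any destination (0.0.0.0/0) arriving on the internal interface.
# Every TCP connection from the LAN to port 25, whatever host it was aimed
# at, is handed to the MTA on the router's internal address. Connections
# already addressed to 10.0.0.2:25 also match, but are rewritten to the
# same address and port, so nothing changes for them.
rdr xl0 0.0.0.0/0 port 25 -> 10.0.0.2 port 25 tcp

# Inbound packets pass through NAT before the ipf filter rules, so the
# filter on xl0 sees the rewritten destination and has to allow
# tcp to 10.0.0.2 port 25.
```

Reload with `ipnat -CF -f /etc/ipnat.rules` and confirm the rule and any active redirect sessions with `ipnat -l`.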