iptables rule in pf
Jeremy Chadwick
koitsu at freebsd.org
Thu May 8 08:20:27 UTC 2008
On Thu, May 08, 2008 at 10:16:12AM +0200, Jille wrote:
>>>>> iptables -t nat -A PREROUTING -i ethX -p tcp --dport 2525 -j DNAT
>>>>> --to-destination :25
>>>>>
>>>> rdr on $interface proto tcp from any to port 2525 ->
>>>> <the_destination_you_have_omitted> port 25
>>>>
>>> I meant _any_ destination with 25 port.
>>>
>>> That iptables rule worked for any destination.
>>>
>> You cannot rewrite a packet's destination address to _any_ destination.
>>
>> It's like you cannot submit a package at the post office with the destination
>> address "any". It's just meaningless.
>>
> I think he only wants to 'change' the port-number, and not touch the
> destination address.
> You could try:
>
> rdr on $interface proto tcp from any to port 2525 -> port 25
>
> But that's a wild guess (I'm *not* sure)

He'll need to specify an IP address for the redirection destination,
e.g.:

  rdr on $interface proto tcp from any to port 2525 -> 127.0.0.1 port 25

--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
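
The redirect discussed in this thread, placed in a pf.conf fragment together with the filter rule it needs. This is an added example, not part of the original message; the macro name ext_if, the interface name em0 and the use of a default-deny inbound policy are assumptions.

```conf
# pf.conf fragment (pf syntax with separate rdr rules, as used in this thread).
# ext_if / "em0" are placeholder names chosen for this example.
ext_if = "em0"

# Translation section.
# Same match as the rule in the message, with the "any" destination
# written out. Unlike the iptables rule quoted at the top, which leaves
# the destination address alone, this rewrites the address to loopback,
# so it only serves an MTA on this host listening on 127.0.0.1:25.
rdr on $ext_if proto tcp from any to any port 2525 -> 127.0.0.1 port 25

# Filter section.
# rdr is applied before the filter rules are evaluated, so the pass
# rule must match the rewritten destination (127.0.0.1 port 25), not
# the original port 2525. Under a default-deny inbound policy the
# redirect does nothing without it.
pass in on $ext_if proto tcp from any to 127.0.0.1 port 25 keep state

# Check before loading:  pfctl -nf /etc/pf.conf   (parse only)
# Inspect after loading: pfctl -sn                (translation rules)
```

Because the redirect exposes the loopback listener to whatever reaches $ext_if on port 2525, relay restrictions on the MTA that trust 127.0.0.1 as a client address are worth reviewing alongside the rule.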