ipfw configuration to intercept SMTP traffic
Aaron Nichols
adnichols at gmail.com
Mon Nov 1 08:27:54 PST 2004
> I believe you'll have one additional problem to resolve. Even if you
> successfully modify the destination IP address and get it pointed to
> the upstream server, the source IP will be unmodified and will still
> be the originator. Since the source IP is unmodified - the upstream
> mail server will send an ACK back to the originator's IP (not yours)
> which will most likely get discarded and the connection will fail.
> Most sane TCP/IP stacks will reject an ACK from an IP address to which
> it did not send a request. Since the ACK is not going to run back
> through your host (thus allowing natd another go at reversing the
> translation) this likely won't work.
Sorry all - I had missed the post regarding use of the -proxy_rule
option, which may address this issue.
Didn't mean to further confuse the issue.
Aaron