replacing port in outgoing packets to any host

Lowell Gilbert freebsd-questions-local at
Sun Feb 25 22:04:05 UTC 2007

ck <ck at> writes:

> Hello, participants!
> In a constant effort to prevent trojans from sending spam, the following
> question came to my mind.
> Is there any way to replace port number for all outgoing packets?
> Long version:
> I want to block outgoing port 25 completely for the network behind a NAT
> router and allow port 8025, for example. But it means that the router will
> have to replace outgoing port 8025 with port 25. After intensive
> googling it looks like my idea is... well... not popular. So, I just
> wonder if this is possible at all? Something like this:

If it *were* popular, the spammers' viruses would be taught to use
it.  None of these kinds of "solutions" are scalable.

> rdr any to any port 8025 -> any port 25
>
> PS: Yes, I know that I can redirect the port to an open relay on a known static IP.

You can do something like that, but once you're going to that much
effort, it's a lot easier (*and* more effective) to just force
everyone to use an internal smarthost.
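
The smarthost approach from the reply above, as an added pf.conf fragment that is not part of the original message. It assumes pf is the firewall on the NAT router; the interface names, LAN range and smarthost address are constructed placeholders.

```pf
# pf.conf fragment (added example; all names and addresses are constructed)
ext_if    = "em0"             # assumed outside interface
int_if    = "em1"             # assumed LAN-facing interface
lan_net   = "192.168.1.0/24"  # assumed LAN range behind NAT
smarthost = "192.168.1.10"    # assumed internal mail relay

# Translation rules come before filter rules.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Only the smarthost may open SMTP connections through the router.
pass in quick on $int_if inet proto tcp from $smarthost to any port 25 keep state

# Any other LAN host trying port 25 is refused with a TCP RST and logged.
# A workstation that shows up here is misconfigured or infected.
block return in log quick on $int_if inet proto tcp from $lan_net to any port 25
```

With pflog enabled, the refused attempts can be read with `tcpdump -n -e -ttt -i pflog0`, which gives a list of internal hosts to investigate.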
