replacing port in outgoing packets to any host
freebsd-questions-local at be-well.ilk.org
Sun Feb 25 22:04:05 UTC 2007
ck <ck at yourserveradmin.com> writes:
> Hello, participants!
> In a constant effort to prevent trojans from sending spam, the following
> question came to my mind.
> Is there any way to replace port number for all outgoing packets?
> Long version:
> I want to block outgoing port 25 completely for network behind NAT
> router and allow port 8025 for example. But it means that router will
> have to replace outgoing port 8025 with port 25. After intensive
> googling it looks like my idea is... well... not popular. So, I just
> wonder if this is possible at all? Something like this:

If it *were* popular, the spammers' viruses would be taught to use
it. None of these kinds of "solutions" are scalable.

> rdr any to any port 8025 -> any port 25
> PS Yes, I know that I can redirect port to open-relay on known static IP.

You can do something like that, but once you're going to that much
effort, it's a lot easier (*and* more effective) to just force
everyone to use an internal smarthost.
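
One way to enforce the internal-smarthost approach suggested in the reply, written as a pf.conf for the NAT router. This is an added example, not part of the original message; the choice of pf, the interface names and all addresses are assumptions.

```pf
# Constructed example values (assumptions, not taken from the thread)
ext_if    = "em0"              # interface facing the Internet
int_if    = "em1"              # interface facing the NATed LAN
lan_net   = "192.168.1.0/24"   # internal network
smarthost = "192.168.1.10"     # internal mail relay all clients must use

set skip on lo0

# Translation: hide the LAN behind the router's external address
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Filtering: default deny, then allow what is needed
block all

# Drop and log direct SMTP from every LAN host except the smarthost.
# "quick" stops evaluation so the general pass rule below cannot
# re-allow it; "log" records the offending host on pflog0.
block in log quick on $int_if inet proto tcp from ! $smarthost to any port 25

# The smarthost is the only machine allowed to deliver mail outbound
pass in quick on $int_if inet proto tcp from $smarthost to any port 25 keep state

# Remaining LAN traffic, and the NATed traffic leaving the router
pass in  on $int_if inet from $lan_net to any keep state
pass out on $ext_if inet from ($ext_if) to any keep state
```

Clients on the LAN reach the smarthost directly without crossing the router, so no rule is needed for that path. With pflog enabled, `tcpdump -n -e -i pflog0 port 25` shows which internal hosts are still attempting direct SMTP, which is a useful indicator of an infected machine.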
More information about the freebsd-questions