IPF+IPNAT and port redirection

Luciano Musacchio l0kit0 at exactas.org
Tue Nov 16 08:53:25 PST 2004 

Odhiambo,
it seems to me that 0/24 is not correct, dynamic inet address should be 
refferred as 0/32,

I would do something like this:
rdr <int_if> 0.0.0.0/32 port 25 -> 10.0.0.2 port 25
map <out_if> from 10.0.0.0/24 ! to 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map <out_if> from 10.0.0.0/24 ! to 10.0.0.0/24 -> 0/32

its just an idea, im new to this too :), but see the negated rules, it allows 
you to make connections within the internal network, your way, all packets 
are send away to inet with an private ip destination and of course, the first 
router they find will drop it,

good luck


El Martes 16 Noviembre 2004 15:49, Odhiambo Washington escribió:
> I have a FreeBSD router box running IPF/IPNAT.
> With the advent of Viruses that have their own SMTP engines,
> I would like to capture any traffic going out from internal LAN
> to port 25 and redirect those to port 25 of my router.
> I believe this is the equivalent of "reverse port mapping", if
> I can call it that.
> How do I redirect this using ipnat?
> Right now I have the following in my /etc/ipnat.rules:
>
> map rl0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
> map rl0 10.0.0.0/24 -> 0.0.0.0/32
>
> .... rl0 being my oif, and xl0 being iif.
>
> Given that my iip is 10.0.0.2, I would like to do this:
>
> rdr xl0 0.0.0.0/24 port 25 -> 10.0.0.2 port 25
>
> The problem is 10.0.0.2 is a subset of 0.0.0.0/24. Shall I redirect then
> to the external IP instead?
>
> I am damn confused with these IPNAT stuff ;)
>
>
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> --
> +======================================================================+
>
>     |\      _,,,---,,_     | Odhiambo Washington    <wash at wananchi.com>
>
> Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
>
>    |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
>
>   '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
> +======================================================================+
> The fact that it works is immaterial.
> 		-- L. Ogborn
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list