Alexandre Vasconcelos wrote:
Jefferson Ogata wrote:
Jefferson Ogata wrote:

[cut]

I'll assume the former case:

Try using for ipnat:

rdr xl1 222.222.222.194/32 port 25 -> 10.0.1.10 port 25 tcp

and for ipf:

pass in quick on xl1 proto tcp from 222.222.222.192/26 to 10.0.1.10/32 port = 25 keep state

Thanks for your response.
I tried that, with no success.. ipmon output when I telnet from .195 on .194 port 25:


[EMAIL PROTECTED]:[etc]# ipmon -a | grep 2xx.xxx.xxx.195
03/02/2004 16:13:56.588766 @2 NAT:RDR 10.0.1.10,25 <- -> 200.181.105.194,25 [2xx.xxx.xxx.195,1259]
03/02/2004 16:13:56.588782 STATE:NEW 2xx.xxx.xxx.195,1259 -> 10.0.1.10,25 PR tcp


Time out..

Okay, and does tcpdump on 10.0.1.10 see the SYN packet? Is there a socket on 10.0.1.10 in SYN_SENT or SYN_RECV state (use netstat -an)? Is there a packet filter on 10.0.1.10?


Also, can you telnet from the firewall to 10.0.1.10 port 25?

--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
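
The ipmon lines quoted above show a NAT:RDR entry followed by a STATE:NEW entry for the same connection, meaning the firewall redirected and passed the SYN, which is why the reply turns to 10.0.1.10 itself. The following sketch runs that same check over ipmon output; it is an added example, not part of the original thread. The regexes follow only the two line shapes quoted above, and the sample addresses are constructed.

```python
import re

# Patterns follow only the two ipmon line shapes quoted in the thread.
NAT_RDR = re.compile(r"NAT:RDR (\S+),(\d+) <- -> (\S+),(\d+) \[(\S+),(\d+)\]")
STATE_NEW = re.compile(r"STATE:NEW (\S+),(\d+) -> (\S+),(\d+) PR (\w+)")

# Constructed sample (documentation addresses), not real log data.
SAMPLE = """\
03/02/2004 16:13:56.588766 @2 NAT:RDR 10.0.1.10,25 <- -> 198.51.100.194,25 [198.51.100.195,1259]
03/02/2004 16:13:56.588782 STATE:NEW 198.51.100.195,1259 -> 10.0.1.10,25 PR tcp
03/02/2004 16:14:10.100000 @2 NAT:RDR 10.0.1.10,25 <- -> 198.51.100.194,25 [198.51.100.200,1300]
""".splitlines()

def correlate(lines):
    """Map (client, cport, inside, iport) -> True if a STATE:NEW followed the RDR."""
    flows = {}
    for line in lines:
        m = NAT_RDR.search(line)
        if m:
            inside, iport, _pub, _pport, client, cport = m.groups()
            flows.setdefault((client, cport, inside, iport), False)
            continue
        m = STATE_NEW.search(line)
        if m:
            src, sport, dst, dport, _proto = m.groups()
            if (src, sport, dst, dport) in flows:
                flows[(src, sport, dst, dport)] = True
    return flows

def diagnose(lines):
    """One verdict per redirected connection."""
    out = {}
    for (client, cport, inside, iport), has_state in correlate(lines).items():
        if has_state:
            # Same situation as in the thread: the firewall did its part.
            verdict = "rdr and state ok: check the internal host (tcpdump, netstat, local filter)"
        else:
            verdict = "rdr only: no state entry logged, check the ipf pass rule"
        out[f"{client},{cport} -> {inside},{iport}"] = verdict
    return out

if __name__ == "__main__":
    for flow, verdict in diagnose(SAMPLE).items():
        print(flow, "|", verdict)
```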