Darren Reed wrote:
In some mail from Billy Newsom, sie said:
I am using the ipfilter built into FreeBSD 5.4 v3.4.35 (336). I just
came across a need to use a new redirect, but I don't see anything in
the Howto discussing it, which usually fixes me up.
I have this new rule:
rdr fxp0 0.0.0.0/0 port 25 -> 192.168.0.1 port 2525
This will allow all port 25 traffic starting from LAN to WAN to go to
port 2525 on a machine of my choice.
Exception 1.
Fine, but I need to make a few exceptions. For example, say I have a PC
at 192.168.5.5 that needs to be excepted. How do I keep this PC from
being redirected?
rdr fxp0 from ! 192.168.5.5/32 to 0.0.0.0/0 port 25 -> 192.168.0.1 port 2525 tcp
Although this doesn't work well if there's a number of individual addresses
that you want to make this exception for,
Okay, great. But two questions. #1, why won't this work on FreeBSD
5.4? Any ideas?
Before [works]:
rdr fxp0 0/0 port 25 -> 192.168.1.2 port 2525 tcp
After [doesn't work]:
rdr fxp0 from 192.168.0.52/32 to 0/0 port 25 -> 192.168.1.2 port 2525 tcp
Here's the commandline output when I tried this:
#rc.d/ipnat reload
1 entries flushed from NAT table
3 entries flushed from NAT list
11: unknown range operator (->)
11: syntax error in "rdr"
/etc/ipnat.rules: parse error (-1), quitting
Exit 1
#2, How many is too many when you say "a number of individual
addresses"? Can I do this for at most one host, or are you just saying
it will slow stuff down if I have a lot of hosts using the FROM/TO portion?
Exception 2.
Also, what if we contact a special server, which needs no redirection?
Say, server 192.168.0.1 port 25 traffic is legitimate, and everyone on
the LAN should receive *no* redirection for that special server?
Easiest way to achieve this is to redirect it to that address.
e.g.:
rdr fxp0 192.168.0.1/32 port 25 -> 0/0 port 25 tcp
Darren
I thought about that, but I didn't know for sure. Thanks.
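As an added illustration of the two rules discussed in this thread (not code from the list or from ipfilter itself), the following Python model parses the rdr lines quoted above and applies them to sample packets. It assumes, as labelled in the comments, that ipnat tries rdr rules in file order and uses the first one that matches, and it reads Darren's "-> 0/0" target as "keep the original destination". The "from ! host" form is accepted by the model only to show what the rule is meant to do; as the quoted output shows, the poster's ipfilter 3.4.35 rejects that syntax, so on that version only the ordering trick at the bottom applies.

```python
"""Toy model of ipnat rdr matching for the rules quoted in the thread above.

Assumption (not verified against ipfilter source): rdr rules are tried in the
order they appear in ipnat.rules and the first match wins, so an exception
rule must come before the catch-all redirect.
"""
import ipaddress
import re
from dataclasses import dataclass

# Accepts both the short form  "rdr fxp0 0/0 port 25 -> A port P tcp"
# and the from/to form         "rdr fxp0 from ! S to D port 25 -> A port P tcp".
RDR_RE = re.compile(
    r"rdr\s+(?P<iface>\S+)\s+"
    r"(?:from\s+(?P<neg>!\s*)?(?P<src>\S+)\s+to\s+)?"
    r"(?P<dst>\S+)\s+port\s+(?P<dport>\d+)\s+->\s+"
    r"(?P<naddr>\S+)\s+port\s+(?P<nport>\d+)"
    r"(?:\s+(?P<proto>tcp|udp))?$"
)

ANY = ("0/0", "0.0.0.0/0")


def _net(text):
    # ipnat writes "any" as 0/0; the ipaddress module wants a full dotted quad.
    if text in ANY:
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(text, strict=False)


@dataclass
class RdrRule:
    iface: str
    src: ipaddress.IPv4Network      # 0.0.0.0/0 when the short form is used
    src_negated: bool               # the "from ! host" exception form
    dst: ipaddress.IPv4Network
    dport: int
    new_addr: str                   # "0/0" means keep the original destination
    new_port: int
    proto: str

    @classmethod
    def parse(cls, line):
        m = RDR_RE.match(line.strip())
        if not m:
            raise ValueError("unparsable rdr rule: %r" % line)
        return cls(
            iface=m.group("iface"),
            src=_net(m.group("src")) if m.group("src") else _net("0/0"),
            src_negated=bool(m.group("neg")),
            dst=_net(m.group("dst")),
            dport=int(m.group("dport")),
            new_addr=m.group("naddr"),
            new_port=int(m.group("nport")),
            proto=m.group("proto") or "tcp",
        )

    def matches(self, iface, src, dst, dport, proto="tcp"):
        if iface != self.iface or proto != self.proto or dport != self.dport:
            return False
        src_hit = ipaddress.ip_address(src) in self.src
        if self.src_negated:
            src_hit = not src_hit
        return src_hit and ipaddress.ip_address(dst) in self.dst


def redirect(rules, iface, src, dst, dport, proto="tcp"):
    """Return (addr, port) the first matching rule sends the packet to, else None."""
    for r in rules:
        if r.matches(iface, src, dst, dport, proto):
            addr = dst if r.new_addr in ANY else r.new_addr
            return (addr, r.new_port)
    return None


# Constructed rule set, in the order it would have to appear in ipnat.rules:
# the no-op redirect for the special server first, the catch-all (with the
# single-host exception) last.
RULES = [RdrRule.parse(line) for line in (
    "rdr fxp0 192.168.0.1/32 port 25 -> 0/0 port 25 tcp",
    "rdr fxp0 from ! 192.168.5.5/32 to 0/0 port 25 -> 192.168.0.1 port 2525 tcp",
)]

if __name__ == "__main__":
    for src, dst in (("192.168.0.52", "203.0.113.10"),   # ordinary LAN host
                     ("192.168.5.5", "203.0.113.10"),    # excepted host
                     ("192.168.5.5", "192.168.0.1")):    # anyone -> special server
        print(src, "->", dst, ":25 =>", redirect(RULES, "fxp0", src, dst, 25))
```

Swapping the two rules in RULES makes the catch-all win for mail aimed at 192.168.0.1, which is the ordering mistake the no-op redirect trick relies on avoiding.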