Billy Newson wrote:
> Darren Reed wrote:
...
> >>Exception 1.
> >>Fine, but I need to make a few exceptions. For example, say I have a PC
> >>at 192.168.5.5 that needs to be excepted. How do I keep this PC from
> >>being redirected?
> >
> >
> > rdr fxp0 from ! 192.168.5.5/32 to 0.0.0.0/0 port 25 -> 192.168.0.1 port 2525 tcp

The negation '!' is not allowed in NAT rules.

> Before [works]:
> rdr fxp0 0/0 port 25 -> 192.168.1.2 port 2525 tcp
>
> After [doesn't work]:
> rdr fxp0 from 192.168.0.52/32 to 0/0 port 25 -> 192.168.1.2 port 2525 tcp

Should read:

rdr fxp0 from 192.168.0.52/32 to 0/0 port = 25 -> 192.168.1.2 port 2525 tcp

When "from ... to" is used, the port must be specified by the port-comp/range
syntax. The "from ... to" usage with rdr has never been documented in ipnat.5
so far -- Darren, please update the man page, this has become a FAQ!

> >>Exception 2.
> >>Also, what if we contact a special server, which needs no redirection?
> >>Say, server 192.168.0.1 port 25 traffic is legitimate, and everyone on
> >>the LAN should receive *no* redirection for that special server?
> >
> >
> > Easiest way to achieve this is to redirect it to that address.
> > e.g.:
> >
> > rdr fxp0 192.168.0.1/32 port 25 -> 0/0 port 25 tcp

0/0 is not allowed syntax here. The destination must not have a netmask but
be a single address:

rdr fxp0 192.168.0.1/32 port 25 -> 192.168.0.1 port 25 tcp
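The three syntax points raised in this reply (no '!' negation in NAT rules, port-comp syntax required with "from ... to", and a single address rather than a netmask after "->") are easy to get wrong when editing ipnat.conf by hand. The lint below is an added example and is not part of IPFilter or of anything posted in this thread; it only encodes those three points for the rdr forms shown above and deliberately ignores the rest of the ipnat grammar (map/bimap rules, proxy options, round-robin, etc.), so a rule passing it is not guaranteed to load. The sample rules in the usage are the ones from the exchange.

```python
"""Syntax lint for the ipnat(8) `rdr` rule forms discussed in the thread.

Added example, not IPFilter code. It checks only:
  1. `!` negation is not accepted in NAT rules.
  2. With `from ... to`, the port must be a port comparison (`port = 25`)
     or a range (`port 25 <> 30`), never a bare number.
  3. The address after `->` must be a single address, not addr/mask.
Everything else in a rule is passed through unchecked.
"""
import re
from typing import List

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
COMPARISONS = {"=", "!=", "<", ">", "<=", ">="}   # port-comp operators
RANGES = {"<>", "><"}                              # port-range operators


def _is_addr(tok: str) -> bool:
    """Accept `0/0`, `a.b.c.d` and `a.b.c.d/len` as rule addresses."""
    host, _, mask = tok.partition("/")
    if mask and not mask.isdigit():
        return False
    return host == "0" or bool(IPV4.match(host))


def lint_rdr(rule: str) -> List[str]:
    """Return the problems found in one rdr line (empty list = looks fine)."""
    toks = rule.split()
    problems: List[str] = []
    if not toks or toks[0] != "rdr":
        return ["only 'rdr' rules are handled here"]

    # Point 1: negation anywhere in the rule ("! addr" or "!addr").
    if any(t == "!" or (t.startswith("!") and t != "!=") for t in toks):
        problems.append("'!' negation is not allowed in NAT rules")
        # Drop the '!' so the rest of the rule can still be checked.
        toks = [t.lstrip("!") for t in toks if t != "!"]

    i = 2  # toks[1] is the interface name
    uses_from_to = False
    try:
        if toks[i] == "from":
            uses_from_to = True
            if (not _is_addr(toks[i + 1]) or toks[i + 2] != "to"
                    or not _is_addr(toks[i + 3])):
                return problems + ["expected 'from <addr> to <addr>'"]
            i += 4
        else:
            if not _is_addr(toks[i]):
                return problems + ["expected a destination address after the interface"]
            i += 1

        if toks[i] != "port":
            return problems + ["expected 'port' after the address part"]
        i += 1
        if toks[i] in COMPARISONS and toks[i + 1].isdigit():
            i += 2                                   # port = 25
        elif toks[i].isdigit() and i + 1 < len(toks) and toks[i + 1] in RANGES:
            i += 3                                   # port 25 <> 30
        elif toks[i].isdigit():
            if uses_from_to:                         # Point 2
                problems.append("with 'from ... to' the port needs port-comp "
                                "syntax, e.g. 'port = 25'")
            i += 1                                   # bare port is fine otherwise
        else:
            return problems + ["bad port specification"]

        if toks[i] != "->":
            return problems + ["expected '->'"]
        target = toks[i + 1]
        if "/" in target:                            # Point 3
            problems.append("the address after '->' must be a single address, "
                            "not %s" % target)
        elif not IPV4.match(target):
            problems.append("bad target address %r" % target)
        i += 2
        if toks[i] != "port" or not toks[i + 1].isdigit():
            return problems + ["expected 'port <number>' after the target address"]
    except IndexError:
        problems.append("rule ends too early")
    return problems


if __name__ == "__main__":
    # The rules from the thread (constructed sample input for the lint).
    for r in [
        "rdr fxp0 from ! 192.168.5.5/32 to 0.0.0.0/0 port 25 -> 192.168.0.1 port 2525 tcp",
        "rdr fxp0 from 192.168.0.52/32 to 0/0 port 25 -> 192.168.1.2 port 2525 tcp",
        "rdr fxp0 from 192.168.0.52/32 to 0/0 port = 25 -> 192.168.1.2 port 2525 tcp",
        "rdr fxp0 192.168.0.1/32 port 25 -> 0/0 port 25 tcp",
        "rdr fxp0 192.168.0.1/32 port 25 -> 192.168.0.1 port 25 tcp",
    ]:
        print(r, "->", lint_rdr(r) or "ok")
```

Run it against an ipnat.conf one line at a time before loading the file with ipnat; the first "After [doesn't work]" rule above is reported for the bare port, and Darren's "-> 0/0" suggestion for the netmask on the target, while the corrected forms pass.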
