Gary Algier wrote:
How do I do an RDR on only some of the traffic?

For example, I want to put a rule on our email server:
    rdr hme0 from !172.16.0.1 to 0.0.0.0/32 port 25 -> 172.16.0.1 port 25
In this way, email that has not passed through our email Spam appliance
will be passed through it, but email coming from the appliance will be
delivered to the local sendmail process.

Is something like this possible?  I don't see that "from ... to ..." is
allowed on "rdr".

BTW: the actual rule would be something ending in "-> 127.0.0.1 port 2525"
and there would be a plugdaemon running on localhost:2525 to forward the
email.  I figure I have to do this because of the in-one-if-out-another
constraint of ipnat.

Can anyone offer any suggestions?


Oops!  Never mind.  The Solaris 10 man pages for ipnat.conf are bad.
They document rdr as not taking "from ... to ..." and when I got a
syntax error on something I read the man page (foolish me!) and
jumped to a conclusion.  I figured out how to make it match on "from".


BTW: the man pages give BNF-like syntax of:
   ipmap ::= mapblock | redir | map .
   ...
   redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport rdroptions .
   ...
   ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask


--
Gary Algier, WB2FWZ          gaa at ulticom.com             +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054      Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
    People don't read documentation voluntarily.
