Re: IPFilter and P3Scan

On Tue, 27 Apr 2004 10:53:50 +0200
Fabrice <fbr@deux.transpac.fr> wrote:
> Dave+Seddon a $Bic(Brit :
>
> > Greetings,
> > ooops. sorry the 'rdr' must be to a different interface.
> > rdr fxp1 0.0.0.0/0 port 110 -> 127.0.0.1 port 8110
> > Regards,
> > Dave
> > Paul Armstrong writes:
> >
> >> On Tue, Apr 27, 2004 at 08:34:36AM +0200, Fabrice wrote:
> >>
> >>> To: ipfilter@coombs.anu.edu.au
> >>> The example is :
> >>> ipfw add fwd 192.168.0.254,8110 tcp from 192.168.0.0/24 to any pop3
> >>
> >>
> >> rdr fxp0 192.168.0.0/24 port 110 -> 192.168.0.254 port 8110 tcp
> >
> Thanks Dave and Paul,
>
> I didn't say it, but I've tried before this method : it doesn't works,
> the pop3 packet loops, because IPnat overwrite the real POP3 server IP
> adress.
> So I think I must use transparent proxy.
>
> Regards
> FAbrice
>

Don't know why your rule failed ...

Here is an example on my internal dns/http machine,
working since FreeBSD-4.4 and now on (mistakenly upgraded) -4.9.

% cat /etc/ipnat.rules
# 53 -> 8053 ... for bind
rdr fxp0 10.0.3.4/32 port 53 -> 10.0.3.4 port 8053 tcp/udp
rdr lo0 10.0.3.4/32 port 53 -> 10.0.3.4 port 8053 tcp/udp
rdr lo0 127.0.0.1/32 port 53 -> 127.0.0.1 port 8053 tcp/udp

# 80 ->8080 ... for apache
rdr fxp0 10.0.3.4/32 port 80 -> 10.0.3.4 port 8080 tcp/udp
rdr lo0 10.0.3.4/32 port 80 -> 10.0.3.4 port 8080 tcp/udp
rdr lo0 127.0.0.1/32 port 80 -> 127.0.0.1 port 8080 tcp/udp
%


Modify interface, ip address, and port number as you like.



horio shoichi