From: Cy Schubert - ITSD Open Systems Group (Cy.Schubertuumail.gov.bc.ca)
Date: Sun Jul 22 2001 - 17:34:15 CDT

    In message <3B5B49DC.2606DAA8miltonstreet.com>, Sam Carleton writes:
    > If you were not following along with the problem I had, the rdr rules
    > in my nat file were not working. Someone sent me a private email that
    > resolved the problem. I had:
    >
    > rdr iy0 0/32 port 443 -> 192.168.0.x port ??? tcp
    >
    > But 0/32 is not valid in a rdr, I had to use the real ip address. Now I
    > simply need to write a script that will update the nat table every time
    > my IP changes...
    >
    > I am off to do some dhclient_script hacking!

    You don't need to hack anything. Here is an example from one of the
    firewalls I manage.

    rdr xl0 0/0 port 25 -> 10.1.2.3 port 25 tcp
    map xl0 10.0.0.0/8 -> 0.0.0.0/32 proxy port ftp ftp/tcp
    map xl0 10.0.0.0/8 -> 0.0.0.0/32 proxy port kftp ftp/tcp
    map xl0 10.0.0.0/8 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
    map xl0 10.0.0.0/8 -> 0.0.0.0/32
    # map xl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ekshell rcmd/tcp
    # map xl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port kshell rcmd/tcp
    # map xl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port shell rcmd/tcp
    map xl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp

    Regards, Phone: (250)387-8437
    Cy Schubert Fax: (250)387-5766
    Team Leader, Sun/Alpha Team Internet: Cy.Schubertosg.gov.bc.ca
    Open Systems Group, ITSD, ISTA
    Province of BC
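
The address forms discussed in this thread, checked by a small linter. This is an added example, not part of either message and not IPFilter code. The names `parse_spec` and `lint` are hypothetical. The "0/32 is rejected in rdr" rule is taken from the thread as stated there, and the reading of a `0/32` map target as the interface's current address is ipnat's documented behaviour.

```python
# Added example: lint ipnat rules for the address forms discussed in this thread.
# Constructed sample: the rdr rule from the question (verbatim, placeholders
# included) followed by rules taken from the reply.
SAMPLE = """\
rdr iy0 0/32 port 443 -> 192.168.0.x port ??? tcp
rdr xl0 0/0 port 25 -> 10.1.2.3 port 25 tcp
map xl0 10.0.0.0/8 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
# map xl0 0.0.0.0/0 -> 0.0.0.0/32 proxy port shell rcmd/tcp
map xl0 10.0.0.0/8 -> 0.0.0.0/32
"""


def parse_spec(spec):
    """Return (is_zero_address, prefix_bits) for 'addr/bits'; '0' is short for 0.0.0.0."""
    addr, _, bits = spec.partition("/")
    is_zero = all(octet == "0" for octet in addr.split("."))
    return is_zero, int(bits) if bits.isdigit() else None


def lint(text):
    """Hypothetical helper: return (line_number, level, message) per notable rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tok) < 5 or tok[0] not in ("rdr", "map") or "->" not in tok:
            continue
        kind, iface, match = tok[0], tok[1], tok[2]
        target = tok[tok.index("->") + 1]
        if kind == "rdr":
            zero, bits = parse_spec(match)
            if zero and bits == 32:
                # Per the thread: 0/32 is not accepted as an rdr match address.
                findings.append((lineno, "error",
                    f"rdr on {iface}: {match} is not valid here; use 0/0 or the real address"))
            elif zero and bits == 0:
                findings.append((lineno, "note",
                    f"rdr on {iface}: {match} matches every destination address on the "
                    "interface, so it survives a DHCP address change"))
        else:
            zero, bits = parse_spec(target)
            if zero and bits == 32:
                findings.append((lineno, "note",
                    f"map on {iface}: target {target} follows the interface's current address"))
    return findings


if __name__ == "__main__":
    for lineno, level, message in lint(SAMPLE):
        print(f"line {lineno}: {level}: {message}")
```

Because an `rdr` on `0/0` redirects traffic for every address that arrives on the interface, confirm the interface carries no aliases that should stay unforwarded before relying on it.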