
conversion from openbsd firewall to ipchains..
Not so Debian related, although all our servers are running Debian: tomorrow we will definitely say goodbye to one of the last non-Debian systems in our network.. mission accomplished :)

Anyway, I'm trying to convert those quite unreadable OpenBSD firewall rules to Linux 2.4 packet filtering... and things are not quite clear. Is there anyone here with experience in both who could convert the OpenBSD rules below to packet-filtering alternatives? I've got some ideas.. but I'm not quite sure.. and some rules don't make sense to me due to my lack of experience with the BSD platform...
Hopefully someone can help out.

Some of the rules:

rdr xl0 231.92.183.10/32 port 25 -> 192.168.1.19 port 25
becomes:
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d 231.92.183.10/32 --dport 25 -j DNAT --to 192.168.1.19:25

but
map xl0 192.168.1.101/32 -> 231.92.183.34/32
becomes?

and a rule like:
pass out on xl1 proto  udp  from any to 192.168.1.23/32 port = 500
which seems to redirect incoming traffic on the external NIC of the firewall directly to an internal system.. should this become?: /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 500 -j REDIRECT --to 192.168.1.23/32 --to-port 500

Am I correct on this?

thanx..

Frank
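As an added example (not part of Frank's mail), a small POSIX sh translator for the three ipf/ipnat rule shapes quoted above; the xl0 -> eth0 and xl1 -> eth1 interface mapping is an assumption. Note that `pass out on xl1` is an ipf filter rule that allows packets leaving xl1, so its iptables counterpart belongs in the FORWARD chain rather than in the nat table, and `map` rewrites the source address of outbound packets, which is SNAT in POSTROUTING.

```shell
#!/bin/sh
# Added translator for the three ipf/ipnat rule shapes quoted in the mail.
# Interface mapping xl0 -> eth0, xl1 -> eth1 is an assumption, not taken from the rules.

ifmap() {
  case "$1" in
    xl0) echo eth0 ;;
    xl1) echo eth1 ;;
    *)   echo "$1" ;;
  esac
}

# ipf2ipt 'one ipf rule'  ->  prints the equivalent iptables command
ipf2ipt() {
  set -- $1   # word-split the rule so $1, $2, ... are its tokens
  case "$1" in
    rdr)
      # rdr IF DST port P -> NEWDST port P2 : destination NAT on packets arriving on IF.
      # ipnat assumes tcp when no protocol is given, hence -p tcp.
      echo "iptables -t nat -A PREROUTING -i $(ifmap "$2") -p tcp -d $3 --dport $5 -j DNAT --to-destination $7:$9"
      ;;
    map)
      # map IF SRC -> NEWSRC : rewrite the source of packets leaving IF (1:1 source NAT).
      # SNAT --to-source takes a bare address, so the /mask is stripped.
      echo "iptables -t nat -A POSTROUTING -o $(ifmap "$2") -s $3 -j SNAT --to-source ${5%/*}"
      ;;
    pass)
      # pass in|out on IF proto PROTO from SRC to DST port = P : a filter rule, not NAT.
      # Traffic crossing the firewall is matched in the FORWARD chain.
      dir=-o; [ "$2" = in ] && dir=-i
      src=""; [ "$8" != any ] && src=" -s $8"
      echo "iptables -A FORWARD $dir $(ifmap "$4") -p $6$src -d ${10} --dport ${13} -j ACCEPT"
      ;;
    *)
      echo "unhandled rule: $*" >&2
      return 1
      ;;
  esac
}
```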
