conversion from openbsd firewall to ipchains..

To: debian-isp@lists.debian.org
Subject: conversion from openbsd firewall to ipchains..
From: Frank Nijenhuis <f.nijenhuis@zx.nl>
Date: Tue, 26 Feb 2002 21:30:24 -0800
Message-id: <[🔎] 5.1.0.14.0.20020226211032.00b19408@mail.bos.nl>

Not so debian related although all our servers are running debian, tomorrowwe will definitely see goodbye to the one of the last not debian systems inour network..mission accomplished :)

Anyway, i'm trying to convert that quit unreadable openbsd firewall rulesto linux 2.4 packfiltering...and things are not quit clear. Is thereanyone here with experience in both who could convert the openbds rulesbelow to packetfiltering alternatives..i got some ideas..but i'm not quitsure..and some rules doesn't make sense to me due to lack of experiencewith the bsd platform...

Hopefully some can help out.

some of the rules:

rdr xl0 231.92.183.10/32 port 25 -> 192.168.1.19 port 25
becomes:

/sbin/iptables -t -A PREROUTING -i eth0 -p tcp -d 231.92.183.10/32 --dport25 -j DNAT --to 192.168.1.19:25


but
map xl0 192.168.1.101/32 -> 231.92.183.34/32
becomes?

and a rule like:
pass out on xl1 proto  udp  from any to 192.168.1.23/32 port = 500

which seems to redirect incoming traffic of the external nic of thefirewall directly to an internal system..should this become??:/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 500 -j REDIRECT--to 192.168.1.23/32 --to-port 500


Am I correct on this?

thanx..

Frank

Reply to:

Prev by Date: Re: Apache PHP support documentation
Next by Date: Re: [OT] IT Support/Ticket tracking application
Previous by thread: Re: Apache PHP support documentation
Next by thread: INTEL SRCU31
Index(es):
- Date
- Thread