NAT and filtering specific requests
Hi, I have a question about filtering and how it relates to NAT.
Specifically, I'm wondering how to filter outbound traffic from a specific
NATed host to a specific remote host. From reading the faq and a few other
documents I've learned (among other things) that filtering is done after NAT.
I can see how this might make what I'm trying to do impossible, but at the
same time I feel like it has to be feasible somehow. Anyway, here's a
(hopefully) clearer explanation of my question:
There's a Firewall/NAT router F, Local machines L and M, and a remote host R.
I want to block outbound traffic only from L to R. Outbound traffic from M to
R is fine, as is outbound traffic from L to other machines. Maybe I've just
gotten totally confused somehow, but it seems like I can't do this because the
filter rule won't see a packet with source L and destination R, it'll see a
packet with source F and destination R. Otherwise I'd do a rule like "block
out on $ext_if from $L to $R". I tried this and it didn't seem to work, but
maybe there's something else I'm doing wrong.
Sorry if this is an over-asked question, I searched the archives a bit and
didn't find anything that seemed to answer this. If anyone can either give or
point me at an answer it'd be much-appreciated. Also, you can reply on or
off-list ([email protected]).
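The usual way around the NAT-then-filter ordering described above is to filter on the internal interface, where the packet still carries L's real source address; the fragment below is an added pf.conf example for router F, not part of the original post, using the classic `nat on` syntax the post describes. Interface names and addresses are assumed placeholders.

```pf
# Added example, not from the original post. Assumed macro values:
ext_if = "em0"      # assumed external interface of F
int_if = "em1"      # assumed internal interface of F
L = "192.168.1.10"  # constructed address of local host L
R = "203.0.113.5"   # constructed address of remote host R (documentation range)

# Translation still applies to everything leaving on $ext_if.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Filter on the inbound leg at $int_if: here the source is still L.
# On $ext_if the same packet would already show F's address as source,
# so "block out on $ext_if from $L to $R" never matches.
block in quick on $int_if from $L to $R
pass in on $int_if from $int_if:network to any keep state
pass out on $ext_if keep state
```

Check the result with `pfctl -sr` to confirm rule order, and note that M's traffic to R is untouched because the block rule matches on L's address only.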