[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NAT and filtering specific requests



Hi, I have a question about filtering and how it relates to NAT. 
Specifically, I'm wondering how to filter outbound traffic from a specific
NATed host to a specific remote host.  From reading the faq and a few other
documents I've learned (among other things) that filtering is done after NAT. 
I can see how this might make what I'm trying to do impossible, but at the
same time I feel like it has to be feasible somehow.  Anyway, here's a
(hopefully) clearer explanation of my question:
There's a Firewall/NAT router F, Local machines L and M, and a remote host R.
I want to block outbound traffic only from L to R.  Outbound traffic from M to
R is fine, as it outbound traffic from L to other machines.  Maybe I've just
gotten totally confused somehow, but it seems like I can't do this because the
filter rule won't see a packet with source L and destination R, it'll see a
packet with source F and destination R.  Otherwise I'd do a rule like "block
out on $ext_if from $L to $R".  I tried this and it didn't seem to work, but
maybe there's something else I'm doing wrong.
Sorry if this is an over-asked question, I searched the archives a bit and
didn't find anything that seemed to answer this.  If anyone can either give or
point me at an answer it'd be much-appreciated.  Also, you can reply on or
off-list ([email protected]).
Thanks,
Justin
__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com