translate these PF nat rules to FWB/iptables?

nnn
2011-11-26
2013-03-05
  • nnn
    2011-11-26

    I'm migrating a pf firewall to an iptables setup.

    I have two pf nat rules,

      nat on $wanIF from $smtpLAN              to any port{25,465,587} -> $smtpWAN
      nat on $wanIF from $smtpLAN port{25,587} to any                       -> $smtpWAN

    that I'm unclear how to deal with in FWB.

    In the NAT policy, the columns are

    OrigSrc:OrigDst:OrigSrv:TransSrc:TransSrv:IfcIn:IfcOut:Act:Opt

    which don't seem to map 1:1 to the src/port specs in PF.

    Rather than guessing, what'd be the correct implementation in FWB/iptables of those PF rules?

  • Vadim Kurland
    2011-11-27

    The part after "from" goes to the "Original Source" and the part after "->" goes to the "Translated Source". To describe port translation you need to create TCP service objects with the corresponding port numbers and put them in the "Original Service". You need two sets of TCP service objects for these two rules. One set of three separate TCP service objects should have destination port 25, 465 and 587 and should be used with rule 1. The other, with source ports 25 and 587, in rule 2.

    You can place the outside interface in the "Outbound Interface" rule element, but if you don't, the compiler will try to guess it for you by matching the IP addresses used in the rule against the addresses of the interfaces.

    Fwbuilder comes with many typical TCP service objects in the Standard objects library. I suggest you look in it for the TCP service objects you need first and then create those that are not there.

    The Users Guide explains NAT rules in more detail:

    http://www.fwbuilder.org/4.0/docs/users_guide5/nat.html
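For reference, the two PF rules written out as the iptables SNAT rules that the NAT policy described above ends up generating. This is an added example, not code from the thread or from fwbuilder; the interface name and addresses are constructed placeholders standing in for the pf.conf macros.

```shell
#!/bin/sh
# Added example: the two PF nat rules as iptables POSTROUTING SNAT rules.
# Mapping to fwbuilder NAT columns:
#   OrigSrc  = $smtpLAN      TransSrc = $smtpWAN     IfcOut = $wanIF
#   OrigSrv  = TCP service objects (dst ports for rule 1, src ports for rule 2)
# Constructed placeholder values; substitute your real pf.conf macro values.
wanIF="eth0"
smtpLAN="192.0.2.0/24"
smtpWAN="198.51.100.10"

# PF rule 1: nat on $wanIF from $smtpLAN to any port {25,465,587} -> $smtpWAN
# In PF, "port" after "to any" is a destination port, so it becomes --dports.
pf_nat_rule1() {
    printf '%s\n' "iptables -t nat -A POSTROUTING -o $wanIF -s $smtpLAN -p tcp -m multiport --dports 25,465,587 -j SNAT --to-source $smtpWAN"
}

# PF rule 2: nat on $wanIF from $smtpLAN port {25,587} to any -> $smtpWAN
# Here "port" follows "from", so it is a source port and becomes --sports.
pf_nat_rule2() {
    printf '%s\n' "iptables -t nat -A POSTROUTING -o $wanIF -s $smtpLAN -p tcp -m multiport --sports 25,587 -j SNAT --to-source $smtpWAN"
}

# Print both rules, or execute them when called with "apply" (requires root).
emit_rules() {
    if [ "${1:-print}" = "apply" ]; then
        eval "$(pf_nat_rule1)"
        eval "$(pf_nat_rule2)"
    else
        pf_nat_rule1
        pf_nat_rule2
    fi
}

emit_rules "${1:-print}"
```

The reply direction needs no rule of its own: the nat table only sees the first packet of a connection and conntrack un-translates the replies, just as pf's stateful nat does.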