Old 27th October 2010
element
New User
 
Join Date: Oct 2010
Posts: 3
OBSD 4.1/NAT port redirection/interception across 7 Class C's

I've been having quite a few issues trying to set this up. Basically I have an OpenBSD box that filters all inbound/outbound traffic for 7 Class C's. I'm implementing ASSP for spam filtering, since the previous admin where I work thought it would be a great idea to have all 2000+ IPs listen on port 25 for SMTP connections. We receive 400-800 simultaneous SMTP connections per second. I would like to tunnel these to a dual quad 8GB box I have set up for filtering; however, I can't seem to get reverse traffic working. I have no clue if this is even possible, but any information would help.

INTERNET -> DMZ -> OBSD -> xxx.xxx.1-7.xxx

Ideally I would like all connections on 25/587 to redirect to xxx.xxx.3.1,

so SMTP -> ANY -> xxx.xxx.3.1
Code:
table <colo> const { xxx.xxx.1/24, xxx.xxx.2/24, xxx.xxx.3/24, xxx.xxx.4/24, xxx.xxx.5/24, xxx.xxx.6/24, xxx.xxx.7/24}

nat on $ext_if from <colo> -> ($ext_if)

rdr on $ext_if proto tcp from any to <colo> port 25 -> xxx.xxx.3.1 port 26
When I set it up this way, the reverse route doesn't seem to complete.

pfctl -s state gives the following:

all tcp xxx.xxx.3.1:26 <- xxx.xxx.1.1:25 <- HOMEIP:61516 CLOSED:SYN_SENT
all tcp HOMEIP:61516 -> xxx.xxx.3.1:26 SYN_SENT:CLOSED

I'm guessing I need a route-to for each of the subnets/gateways?
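The two state lines quoted in the post are the only hard evidence of where the redirected connection stalls, so it helps to read them mechanically. The following Python is an added example, not code from the poster or from OpenBSD: it parses lines in the shape of `pfctl -s state` output (OpenBSD 4.x style, `src -> gwy -> dst` for outbound states and `dst <- gwy <- src` for inbound ones), recovers the real source, the translated (rdr/nat) address and the real destination, and reports TCP states that are half-open, i.e. the initiator is in SYN_SENT and the far side is still CLOSED, which is what a redirect whose return path never comes back through pf looks like. The sample state table is constructed (the first two lines are the post's own, the other two are made up), the names `PfState`, `parse_states`, `half_open` and `stuck_destinations` are mine, and the reading that pf prints the state pair in the same order as the hosts is an assumption; the two states in the post are consistent with it.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of `pfctl -s state` output on OpenBSD 4.x.
# The first two lines are the states quoted in the post; the last two are
# made-up examples of a completed redirected connection and a UDP state.
# HOMEIP and the xxx.xxx prefixes are placeholders, as in the post.
SAMPLE_STATES = """\
all tcp xxx.xxx.3.1:26 <- xxx.xxx.1.1:25 <- HOMEIP:61516 CLOSED:SYN_SENT
all tcp HOMEIP:61516 -> xxx.xxx.3.1:26 SYN_SENT:CLOSED
all tcp xxx.xxx.3.1:26 <- xxx.xxx.2.7:25 <- 198.51.100.9:40210 ESTABLISHED:ESTABLISHED
all udp xxx.xxx.4.4:53 <- 203.0.113.5:5353 MULTIPLE:SINGLE
"""

# One state line: interface, protocol, two or three host:port tokens joined by
# the same direction arrow, then the state pair.  A third token only appears
# when a translation (rdr/nat) was applied; it is the gateway address.
STATE_RE = re.compile(
    r"^(?P<ifname>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<a>\S+)\s+(?P<dir><-|->)\s+(?P<b>\S+)"
    r"(?:\s+(?P=dir)\s+(?P<c>\S+))?"
    r"\s+(?P<s1>[A-Z_]+):(?P<s2>[A-Z_]+)\s*$"
)


@dataclass
class PfState:
    ifname: str
    proto: str
    src: str                 # endpoint that opened the connection
    dst: str                 # endpoint it is really going to (after rdr)
    gateway: Optional[str]   # translated address, None if no nat/rdr applied
    src_state: str           # state as seen from src's side
    dst_state: str           # state as seen from dst's side


def parse_state_line(line: str) -> Optional[PfState]:
    """Parse one `pfctl -s state` line; return None for lines that do not match."""
    m = STATE_RE.match(line)
    if not m:
        return None
    a, b, c = m.group("a"), m.group("b"), m.group("c")
    gateway = b if c else None
    far = c if c else b
    # Assumption: the printed state pair follows the printed host order
    # (first host's state : last host's state).  Both lines in the post read
    # consistently under that assumption: HOMEIP is SYN_SENT, .3.1 is CLOSED.
    if m.group("dir") == "->":
        src, dst = a, far
        src_state, dst_state = m.group("s1"), m.group("s2")
    else:
        dst, src = a, far
        dst_state, src_state = m.group("s1"), m.group("s2")
    return PfState(m.group("ifname"), m.group("proto"), src, dst, gateway,
                   src_state, dst_state)


def parse_states(text: str) -> List[PfState]:
    """Parse a whole state table, silently skipping header or blank lines."""
    return [s for s in (parse_state_line(l) for l in text.splitlines()) if s]


def half_open(states: List[PfState], translated_only: bool = False) -> List[PfState]:
    """TCP states where the initiator sent a SYN and pf never saw a reply.

    SYN_SENT on the initiator with CLOSED on the far side means no SYN-ACK
    came back through pf.  With translated_only=True only states that went
    through rdr/nat (gateway set) are reported.
    """
    return [
        s for s in states
        if s.proto == "tcp"
        and s.src_state == "SYN_SENT" and s.dst_state == "CLOSED"
        and (s.gateway is not None or not translated_only)
    ]


def stuck_destinations(states: List[PfState]) -> Dict[str, int]:
    """Count half-open redirected states per real destination, so a single
    backend that never answers (like xxx.xxx.3.1:26 above) stands out."""
    counts: Dict[str, int] = {}
    for s in half_open(states, translated_only=True):
        counts[s.dst] = counts.get(s.dst, 0) + 1
    return counts


if __name__ == "__main__":
    # Usage: pfctl -s state > states.txt; python3 thisfile.py states.txt
    # Without an argument the constructed sample above is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STATES
    states = parse_states(text)
    for s in half_open(states):
        print(f"{s.src} -> {s.dst} via {s.gateway or '-'}  {s.src_state}:{s.dst_state}")
    print("stuck redirected destinations:", stuck_destinations(states))
```

Run against the real table, a destination that accumulates many half-open redirected states while other destinations complete their handshakes points at the return path from that one host rather than at the rdr rule itself; a table where every redirected state is half-open points at the translation or the filter rules.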