How to exclude 1 ip in global rdr (ipnat)

Dear all,
I am running ipnat/ipf on FreeBSD 8.1 stable.
How do I exclude a certain IP in a global rdr in ipnat.rules? For example:

Code:
rdr inside-interface any port 80 -> 192.168.2.100 port 80 tcp

That works easily. Now I would like just 1 IP, for example 202.93.93.93, to be excluded from the redirection to another machine. What is the command/syntax in ipnat?

Thanks in advance.
 
If I'm not wrong, the first matching rule is applied in the ipf NAT file.

So, this should work:

Code:
rdr inside-interface from 202.93.93.93 to any port 80 -> another-machine-ip port 80 tcp
rdr inside-interface any port 80 -> 192.168.2.100 port 80 tcp

Try and tell us.
 
Thank you for your information.

I would like to redirect all outgoing traffic to port 80 to another machine and exclude outgoing traffic to 1 WAN IP (202.93.93.x).
I would like traffic intended for this WAN IP to go out directly, not redirected to any other internal LAN servers or proxies.

So this is how I tried and it worked out:

Code:
rdr inside-interface 202.93.93.x/32 port 80 -> 202.93.93.x port 80 tcp
rdr outside-interface 202.93.93.x/32 port 80 -> 202.93.93.x port 80 tcp 
rdr inside-interface any port 80 -> IP-of-my-proxy port 80 tcp
 