Hi everyone. I'm trying to get some control of the MSN protocol in my
network.
My OpenBSD firewall has 4 interfaces: 2 lan, 1 wan and 1 dmz.
What I'm trying to do is:
1. Allow some hosts to use MSN;
2. Redirect the MSN connections of some hosts from the LAN interfaces to
a MSN proxy in the DMZ interface;
3. Block the rest.
This is how I'm trying to achieve it:
# msn proxy redirect
rdr on $lan1_iface proto tcp from $msn-redirect to any port 1863 -> $proxy
rdr on $lan1_iface proto tcp from $msn-redirect to any port 25000:30000 -> $proxy
# msn filter
pass out quick on $inet_iface inet proto tcp from $msn-redirect to $proxy port 1863 keep state
pass out quick on $inet_iface inet proto tcp from $msn-allowed1 to any port 1863 keep state
pass out quick on $inet_iface inet proto tcp from $msn-allowed2 to any port 1863 keep state
pass out quick on $inet_iface inet proto tcp from $proxy to any port 1863 keep state
block out on $inet_iface inet proto tcp from any to any port 1863
All hosts but the $proxy are on the $lan1_iface; the $proxy host is in
the DMZ. I'm doing NAT on the $inet_iface (wan interface).
The thing is that this is not working. Any host can connect to MSN.
If I switch "block out on" for "block out quick on", then no one, not even
the allowed ones, can connect. What am I doing wrong?
Thanks in advance, and sorry for my poor English.
--
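Added example, not part of the post above: a small Python model of how pf walks the posted ruleset, so the two symptoms (everyone connects, then nobody connects once the block gets "quick") can be reproduced and compared with filtering on the LAN interface instead. It encodes two pf behaviours: the last matching rule wins unless a matching rule carries "quick", and on an interface with "nat on $inet_iface" the translation is applied before the outbound filter (pf before OpenBSD 4.7), so "out on $inet_iface" rules see the firewall's WAN address as source rather than the LAN host's. All addresses, the interface names, and the trailing generic "pass out" rule are assumptions; the poster's ruleset is reproduced as data only.

```python
"""Toy model of pf evaluation for the posted MSN ruleset (constructed example)."""
from dataclasses import dataclass
from typing import Optional

LAN1, DMZ, WAN = "lan1", "dmz", "wan"
WAN_IP = "203.0.113.1"            # constructed: firewall's public address
PROXY = "192.168.2.10"            # constructed: $proxy, lives in the DMZ
MSN_SERVER = "198.51.100.7"       # constructed: some messenger server
ALLOWED1 = {"192.168.1.10"}       # constructed: $msn-allowed1
ALLOWED2 = {"192.168.1.11"}       # constructed: $msn-allowed2
REDIRECT = {"192.168.1.20"}       # constructed: $msn-redirect
OTHER = "192.168.1.30"            # constructed: a host that should be blocked


@dataclass
class Rule:
    action: str                    # "pass" or "block"
    direction: str                 # "in" or "out"
    iface: str
    src: Optional[set] = None      # None means 'any'
    dst: Optional[set] = None      # None means 'any'
    dport: Optional[int] = None    # None means any port
    quick: bool = False

    def matches(self, direction, iface, src, dst, dport):
        return (self.direction == direction and self.iface == iface
                and (self.src is None or src in self.src)
                and (self.dst is None or dst in self.dst)
                and (self.dport is None or self.dport == dport))


def evaluate(rules, direction, iface, src, dst, dport, default="pass"):
    """pf filter semantics: last matching rule wins unless one is 'quick'."""
    decision = default
    for rule in rules:
        if rule.matches(direction, iface, src, dst, dport):
            decision = rule.action
            if rule.quick:
                break
    return decision


def lan_client(rules, src, dport=1863):
    """Follow one TCP SYN from a $lan1_iface host through rdr, filter and nat."""
    # rdr on $lan1_iface rewrites the destination before the inbound filter,
    # so 'in on $lan1_iface' rules already see $proxy as the destination.
    redirected = src in REDIRECT and (dport == 1863 or 25000 <= dport <= 30000)
    dst = PROXY if redirected else MSN_SERVER
    if evaluate(rules, "in", LAN1, src, dst, dport) == "block":
        return "block"
    if redirected:
        # Redirected traffic is routed to the DMZ, never out the WAN.
        return evaluate(rules, "out", DMZ, src, dst, dport)
    # nat on $inet_iface rewrites the source before the outbound filter runs,
    # so rules on the WAN interface only ever see WAN_IP as the source.
    return evaluate(rules, "out", WAN, WAN_IP, dst, dport)


def posted_rules(block_quick=False):
    """The rules from the post, plus one assumed trailing generic 'pass out'
    rule of the kind most rulesets carry for ordinary internet access."""
    return [
        Rule("pass", "out", WAN, REDIRECT, {PROXY}, 1863, quick=True),
        Rule("pass", "out", WAN, ALLOWED1, None, 1863, quick=True),
        Rule("pass", "out", WAN, ALLOWED2, None, 1863, quick=True),
        Rule("pass", "out", WAN, {PROXY}, None, 1863, quick=True),
        Rule("block", "out", WAN, None, None, 1863, quick=block_quick),
        Rule("pass", "out", WAN),           # assumed generic outbound allow
    ]


def filtered_on_lan_rules():
    """Same policy, but decided 'in on $lan1_iface', where the source address
    is still the real host address; the block for everyone else lives there."""
    return [
        Rule("pass", "in", LAN1, REDIRECT, {PROXY}, 1863, quick=True),
        Rule("pass", "in", LAN1, ALLOWED1, None, 1863, quick=True),
        Rule("pass", "in", LAN1, ALLOWED2, None, 1863, quick=True),
        Rule("block", "in", LAN1, None, None, 1863, quick=True),
        Rule("pass", "in", LAN1),           # other LAN traffic unaffected
        Rule("pass", "out", DMZ),
        Rule("pass", "out", WAN, {PROXY}, None, 1863, quick=True),
        Rule("pass", "out", WAN),
    ]


if __name__ == "__main__":
    for label, rules in (("posted", posted_rules()),
                         ("posted, block quick", posted_rules(block_quick=True)),
                         ("filtered on lan1", filtered_on_lan_rules())):
        for host in sorted(ALLOWED1 | REDIRECT | {OTHER}):
            print(f"{label:20} {host:14} -> {lan_client(rules, host)}")
```

Running it shows the posted rules passing every host (the non-quick block is overridden by the later generic pass, because the pass quick rules never match the already translated source), the quick variant blocking every host for the same reason, and the LAN-side variant passing only the allowed and redirected hosts while leaving other ports alone.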