Hi, I have a question about filtering and how it relates to NAT. Specifically, I'm wondering how to filter outbound traffic from a specific NATed host to a specific remote host. From reading the FAQ and a few other documents I've learned (among other things) that filtering is done after NAT. I can see how this might make what I'm trying to do impossible, but at the same time I feel like it has to be feasible somehow. Anyway, here's a (hopefully) clearer explanation of my question:
There's a Firewall/NAT router F, local machines L and M, and a remote host R. I want to block outbound traffic only from L to R. Outbound traffic from M to R is fine, as is outbound traffic from L to other machines. Maybe I've just gotten totally confused somehow, but it seems like I can't do this because the filter rule won't see a packet with source L and destination R, it'll see a packet with source F and destination R. Otherwise I'd do a rule like "block out on $ext_if from $L to $R". I tried this and it didn't seem to work, but maybe there's something else I'm doing wrong.

Sorry if this is an over-asked question, I searched the archives a bit and didn't find anything that seemed to answer this. If anyone can either give or point me at an answer it'd be much appreciated. Also, you can reply on or off-list ([EMAIL PROTECTED]).

Thanks,
Justin
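The setup described in the message, as an added pf.conf sketch that is not part of the original post: because the source address is already F's by the time rules on the external interface are evaluated, the L-to-R block is written against the internal interface, where the packet still carries L's address. It assumes the old-style `nat on` syntax; the interface names, the `$int_if` and `$int_net` macros, and all addresses are constructed placeholders.

```pf
# Added example; every name and address below is a constructed placeholder.
ext_if  = "fxp0"              # assumed external (Internet-facing) interface on F
int_if  = "fxp1"              # assumed internal (LAN-facing) interface on F
int_net = "192.168.1.0/24"    # assumed LAN behind F
L       = "192.168.1.10"      # local host whose traffic to R is to be blocked
M       = "192.168.1.11"      # local host that may still reach R
R       = "198.51.100.7"      # remote host (documentation address range)

# Translation rules come before filter rules in the file.
# Packets leaving $ext_if get their source rewritten to F's external address.
nat on $ext_if from $int_net to any -> ($ext_if)

# Default policy: drop anything not explicitly passed below.
block all

# The rule from the message. On $ext_if the outbound packet already has
# source F, so "from $L" never matches there:
#   block out on $ext_if from $L to $R

# Match the packet as it arrives from the LAN, before translation.
# "quick" stops evaluation so the broader pass rule below cannot override it.
block in quick on $int_if from $L to $R

# Everything else from the LAN (M to R, L to other hosts) is allowed in
# and then out through the translated external side.
pass in  on $int_if from $int_net to any keep state
pass out on $ext_if from ($ext_if) to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -vsr` shows per-rule counters, which makes it visible whether the block rule is the one matching L's packets.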
