Redirect Module



Description

It can be used to restrict the port ranges used by the Barefoot server, which can be useful for cases where a firewall needs to know which port ranges the Barefoot server will use.

It can also be used to make the IP-address the Barefoot server will use when connecting to a remote server be chosen based on the clients IP-address.

Syntax

redirect from: <address>
Here address is an address in the standard Barefoot format.

Semantics

from is the address to use on behalf of the client when connecting to the remote server. I

SIGHUP

A reload of the configuration file only affects sessions created after the reload. It will not affect any of the existing sessions.

This means that changing e.g., a pass statement to a block statement, does not terminate the session of any existing client. Likewise, changing the limits set in a rule does not change the values for any existing session.

After a reload of the configuration file, old sessions will continue to operate in a separate space, using the old configuration, while new sessions will use the new configuration.

Examples

Limiting the port ranges used by the Barefoot server

client pass {
   from: 0.0.0.0/0 to: barefoot-server port = smtp
   bounce to: internal-mail-server
   redirect from: de1 port > 32768
}
  

Using different IP-addresses for different clients

# clients from the 10.1/16-net will be assigned IP-address 192.168.0.1
client pass {
   from: 10.1.0.0/16 to: barefoot-server port = http
   bounce to: internal-web-server
   redirect from: 192.168.0.1/32
}



# clients from the 10.2/16-net will be assigned IP-address 192.168.0.2 client pass { from: 10.2.0.0/16 to: barefoot-server port = http bounce to: internal-web-server redirect from: 192.168.0.2/32 }

Copyright © 1998-2018 Inferno Nettverk A/S