Subject: Re: dumb port redirection
To: None <netbsd-users@netbsd.org>
From: Richard Grace <rgrace@aapt.com.au>
List: netbsd-users
Date: 06/03/2002 17:36:32
>>> Wojciech Puchar <wojtek@chylonia.3miasto.net> 3/06/2002 17:14:38 >>>
> is it possible to do such operation with ipf/ipnat:
>
> we have router/NAT with real address 1.2.3.4 and local machine with
> address 10.10.10.10.
I gather that one is Public IP and the other is RFC1918 Private IP?
> if udp packet from 10.10.10.10 port 10000 goes to router, change its
> header to be from 1.2.3.4 port 1234 and route
>
> if udp packet comes to 1.2.3.4 port 1234 change its header to be to
> 10.10.10.10 port 10000 and route
If fxp1 has a public IP address, and IP Forwarding is turned on, and
the machine knows how to route to 10.10.10.10/32, then:
map fxp1 10.10.10.10/32 -> 210.10.94.15/32
rdr fxp1 1.2.3.4/32 port 1234 -> 10.10.10.10/32 port 10000 udp
... then that is the closest I can think of. Of course, it only works as
you would like in the incoming direction, not in the outgoing direction,
but by adding the following IP Filter rules, you may get what you want
by way of round-about.
block out on fxp1 from 1.2.3.4 to any
block in on fxp1 from any to 1.2.3.4
pass out quick on fxp1 proto udp from 1.2.3.4 to any port = 1234
pass in quick on fxp1 proto udp from any to 1.2.3.4 port = 1234
That's about as simple as I can think of.
You may also want to look at the "bimap" syntax. I don't know how
that works, but it is in the IP Filter HOWTO.
http://www.obfuscation.org/ipf/
I hope that helps.
Richard.
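Added example (not part of the mail thread above): a deliberately simplified Python model of how ipnat's "map" and "rdr" rules translate UDP packets, including the per-session state ipnat keeps so that a reply to a redirected packet is translated back to the public port. It illustrates Richard's point that map + rdr give the wanted result for the incoming direction (and for replies to it), but an unsolicited outgoing packet from 10.10.10.10 port 10000 only gets its address rewritten, not its port. The classes, the peer addresses 198.51.100.x and the rule that "map without portmap keeps the source port" are assumptions of this model, not ipnat's code; timeouts, port collisions and the filter rules are ignored.

```python
# Added example: a toy model of ipnat map/rdr translation with session state.
# Assumptions (not from the mail): packets are a 4-tuple; "map" without a
# portmap preserves the source port; no timeouts or port collisions.
from dataclasses import dataclass

PUBLIC = "1.2.3.4"        # router's public address (from the thread)
INSIDE = "10.10.10.10"    # inside host (from the thread)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatBox:
    """Models 'map fxp1 10.10.10.10/32 -> 1.2.3.4/32' and
    'rdr fxp1 1.2.3.4/32 port 1234 -> 10.10.10.10/32 port 10000 udp'."""

    def __init__(self):
        self.map_rule = (INSIDE, PUBLIC)                    # inside -> public
        self.rdr_rule = ((PUBLIC, 1234), (INSIDE, 10000))   # public:1234 -> inside:10000
        # session table: (inside src, sport, peer, peer port) -> (public addr, public port)
        self.sessions = {}

    def inbound(self, pkt):
        """Packet arriving on the public interface; returns translated packet or None."""
        if (pkt.dst, pkt.dport) == self.rdr_rule[0]:
            new_dst, new_dport = self.rdr_rule[1]
            # remember the session so the reply is translated back to public:1234
            self.sessions[(new_dst, new_dport, pkt.src, pkt.sport)] = self.rdr_rule[0]
            return Packet(pkt.src, pkt.sport, new_dst, new_dport)
        # otherwise only replies to an existing outbound map session get through
        for (in_src, in_sport, peer, pport), (pub, pub_port) in self.sessions.items():
            if (pub, pub_port) == (pkt.dst, pkt.dport) and (peer, pport) == (pkt.src, pkt.sport):
                return Packet(pkt.src, pkt.sport, in_src, in_sport)
        return None  # no translation: the packet is not for a known session

    def outbound(self, pkt):
        """Packet leaving through the public interface."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.sessions:                # reply within an rdr/map session
            pub, pub_port = self.sessions[key]
            return Packet(pub, pub_port, pkt.dst, pkt.dport)
        if pkt.src == self.map_rule[0]:         # fresh flow: map rule, port preserved
            pub = self.map_rule[1]
            self.sessions[key] = (pub, pkt.sport)
            return Packet(pub, pkt.sport, pkt.dst, pkt.dport)
        return pkt                               # not subject to NAT


def demo_incoming_then_reply():
    """Inbound to 1.2.3.4:1234 is redirected; the reply goes back out as 1.2.3.4:1234."""
    box = NatBox()
    arrived = box.inbound(Packet("198.51.100.7", 5555, PUBLIC, 1234))   # constructed peer
    reply = box.outbound(Packet(INSIDE, 10000, "198.51.100.7", 5555))
    return arrived, reply


def demo_unsolicited_outgoing():
    """An unsolicited packet from inside:10000 keeps port 10000 after the map rule."""
    box = NatBox()
    return box.outbound(Packet(INSIDE, 10000, "198.51.100.9", 53))      # constructed peer


if __name__ == "__main__":
    print(demo_incoming_then_reply())
    print(demo_unsolicited_outgoing())
```

The first demo is the case the "rdr" rule handles well: the redirected packet creates a session, so the inside host's reply leaves as 1.2.3.4 port 1234. The second shows the gap Richard describes: a new outgoing flow from 10.10.10.10 port 10000 is mapped to 1.2.3.4 but keeps source port 10000, which is why his filter rules only let port 1234 traffic through and everything else from the public address is blocked.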