ipf nat question: how do you exclude specific ports from being portmapped

To: netbsd-users%netbsd.org@localhost
Subject: ipf nat question: how do you exclude specific ports from being portmapped
From: Sverre Froyen <sverre%viewmark.com@localhost>
Date: Sun, 13 Jun 2010 20:05:53 -0600

Hi,

xbox live needs to avoid portmapping the xbox port (3074).  In other words the 
port number needs to be the same on both sides of the router/firewall.

This can be accomplished a couple of ways. The ipnat.conf line

        map wm0 192.168.1.0/24 -> 0/32

without (or before) a portmap line does the trick.  Or, more restrictively, if 
the xbox has a static IP address,

        map wm0 192.168.1.45/32 -> 0/32

before the portmap line

        map wm0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000

also works.

It would be nice, however, to be able to restrict the mapping to a single port 
and, optionally, IP address. Something like

        map wm0 192.168.1.0/24 except port 3074 -> 0/32
                portmap tcp/udp 40000:60000

or

        map wm0 192.168.1.0/24 port 3074  -> 0/32 port 3074

or

        map wm0 192.168.1.45/32 port 3074  -> 0/32 port 3074

It seems like the last line whic specifies both the address and the port should 
be equivalent to

        rdr wm0 0/0 port 3074 -> 192.168.1.45 port 3074 tcp/udp

but I was unable to get that to work.

If ipf missing this capability, or have I misread the specifications.

Thanks,
Sverre

Prev by Date: Re: hpn-ssh: buffer_append_space errors
Next by Date: Re: postgresql 8.4 semaphores ...
Previous by Thread: Xorg/radeon update renders console unreadable
Next by Thread: cannot mount small FFS filesystem?
Indexes:

Home | Main Index | Thread Index | Old Index