At 01:20 PM 11/12/99 -0500, Ted Lemon wrote:
>
>Hm.   I haven't had that problem.   Here's my ipnat.conf:
>
>#
># Redirect Real Networks streams to 10.0.0.9
># (interestingly, it seems to work for any host)
>#rdr ppp0 0/0 port 7070 -> 10.0.0.9 port 7070 tcp/udp
>#

Most probably because Realplayer will fallback to a tcp transport if UDP
doesn't work. I'd bet that your machine at 10.0.0.9 is using udp, while all
the others are using a tcp socket opened by the client.

(BTW, your rdr lines only apply to the ppp0 interface, not to the fxp1
interface. So if your Internet traffic is coming in fxp1, probably *all* of
your machines are doing Realplayer in tcp mode.)

(IPFilter 3.3 has an in-kernel proxy for Real Audio, but I haven't
installed it yet, so I can't say how well it works)

>map fxp1 10.0.0.0/8 -> 0/32 proxy port ftp ftp/tcp

Note that this one will only work if 1) all your ftp clients are using
passive mode, or 2) you allow all incoming tcp sessions in ipf (anyone know
if there's a way to get ipf to recognize ftp data streams like ipnat does?

>I don't claim to know how this works, but it seems to work fine even
>when the globally-routable IP address changes.

It's having the IP address set to 0 that makes it work. As long as you
reload the NAT rules any time the IP address changes, you're okay - ipnat
changes 0.0.0.0 to the address of the interface at the time the rule is
loaded. I do the following any time my IP changes:

	ipnat -F
	ipnat -C
	ipf -E
	ipf -F a -f /etc/ipf.conf
	ipnat -f /etc/ipnat.conf

(I copied this verbatim from a demand-dial PPP setup I got out of a FAQ
somewhere). I run this manually; I haven't put it into my dhclient script
because my provider only changes my address if my cable modem fries and
they install a new one (happened once already).