From: Michael Scheidell
Date: Fri, 25 Feb 2011 10:28:48 -0500
Message-ID: <4D67CAB0.7090700@secnap.com>
Subject: looking to translate SRC port as well.
List-Id: IPFW Technical Discussions

In short, I have a SIP server that is very restrictive on the dst port, and a SIP trunk provider that is very restrictive on src ports. Naturally, it's a great SIP server, and a great SIP trunk service, and the ports each one demands are not the same.

The SIP server listens on UDP port 5080, and the SIP trunk provider MUST send TO UDP port 5060. (Easy, right?) No: when the SIP server sends to the SIP trunk provider, the SIP trunk provider must think the SIP server src port is 5060 also! (And it is not.)

So, the SIP server must think it is sending and receiving SIP on port 5080, and the SIP trunk must think it is sending and receiving on port 5060.

I have looked at ipfw/divert sockets, netawk, and natd, trying to find the easiest way to do it. I thought about writing a Perl module and having ipfw divert to it (Perl has optional divert socket pm's).

The traffic map should look like this:

inbound:
  em0: siptrunk.sipprovider.com:5060 -> em1: sipswitch.secnap.com:5060 (leg before translation)
  after translation: em0: siptrunk.sipprovider.com:5080 -> em1: sipswitch.secnap.com:5080.

outbound:
  em1: sipswitch.secnap.com:5080 -> em0: siptrunk.sipprovider.com:5080 (leg before translation)
  em1: sipswitch.secnap.com:5060 -> em0: siptrunk.sipprovider.com:5060 (leg after translation)

See, it's not just the dst port I need translated, but the src port that the other side sees as well.

Additional notes: I can capture inbound and outbound via if_bridge, since em0 and em1 are using a transparent ipfw->if_bridge fw.
--
Michael Scheidell, CTO
SECNAP Network Security Corporation
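
The port mapping in the traffic map above, as an added example that is not part of the original post: Python functions that rewrite the UDP source and destination ports of a raw IPv4 packet in each direction and recompute the UDP checksum. The function names and the 192.0.2.x sample addresses are constructed for illustration, and the code assumes each input is one complete IPv4 datagram, as a divert socket hands over.

```python
import struct

TRUNK_PORT, SERVER_PORT = 5060, 5080  # the two ports named in the post

def inet_csum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum (already inverted)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src_ip: bytes, dst_ip: bytes, udp: bytes) -> int:
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(udp))
    return inet_csum(pseudo + udp) or 0xFFFF  # 0 on the wire means "no checksum"

def translate(packet: bytes, inbound: bool) -> bytes:
    """inbound (trunk -> server): 5060 becomes 5080; outbound: 5080 becomes 5060."""
    # Anything that is not a first-fragment IPv4/UDP datagram passes through untouched.
    if len(packet) < 20:
        return packet
    ihl = (packet[0] & 0x0F) * 4
    frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[0] >> 4 != 4 or packet[9] != 17 or frag_off or len(packet) < ihl + 8:
        return packet
    old, new = (TRUNK_PORT, SERVER_PORT) if inbound else (SERVER_PORT, TRUNK_PORT)
    sport, dport, length, csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    sport = new if sport == old else sport
    dport = new if dport == old else dport
    udp = struct.pack("!HHHH", sport, dport, length, 0) + packet[ihl + 8:]
    if csum:  # a zero checksum means the sender disabled it; keep it disabled
        csum = udp_checksum(packet[12:16], packet[16:20], udp)
    return packet[:ihl] + udp[:6] + struct.pack("!H", csum) + udp[8:]

def build_sample(sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed test packet between documentation addresses 192.0.2.1 -> 192.0.2.2."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_checksum(src, dst, udp)) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, src, dst)
    return ip[:10] + struct.pack("!H", inet_csum(ip)) + ip[12:] + udp
```

Only the UDP header is rewritten here; port numbers that SIP carries inside the message itself (Via and Contact headers, for example) are not changed by this code.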