Date: Tue, 22 Jan 2002 19:23:03 +0200
From: "Mustafa N. Deeb" <mustafa@palnet.com>
To: Ramiro Vázquez <lrvazquez@megared.net.mx>, <freebsd-ipfw@FreeBSD.ORG>
Subject: Re: Using ipfw to make a "Dynamic NAT depending of protocol L7"
Message-ID: <5.1.0.14.0.20020122192225.00b4c9c0@mail.palnet.com>
In-Reply-To: <008101c1a368$f23b1890$1500a8c0@corp.megared.net.mx>

Well, the MSN guys say that MSN behind private addressing won't work unless you use a socks server.. ONLY...

Cheers

At 11:19 AM 1/22/2002 -0600, Ramiro Vázquez wrote:
> Hi,
>
> We work at a cable ISP and we are using NAT & PAT to provide enough IP
> addresses to our customers.
>
> We have experienced problems with certain applications, mostly with
> peer-to-peer applications like MSN Messenger.
> Some features, like the send-file function, don't work.
> We set up a sniffer and discovered that when one of our customers tries to
> send a file to someone outside our net, this happens:
> 1.- The application opens a port ( 6891-6899 ).
> 2.- It sends the IP of the machine ( the private IP ) and the port that is
> listening.
> 3.- The other peer tries to connect to the private IP and the port that
> it received.
> 4.- The connection fails.
>
> We modified a proxy to change the packet that the application sends with
> the private IP and the local port, replacing them with a public IP and
> another port; then the proxy sends these changes to an application that just
> maps or forwards the port that we sent to the peer outside to the real IP
> and port of our customer.
>
> This solution works and we are going to begin testing with more
> connections, but maybe it is not the best solution. One disadvantage is that
> the customer must specify a proxy, and that is hard work.
>
> We think that if we could make these changes with ipfw or ip-filters and
> then add a rule to natd or ip-nat to forward the port, it would be more
> efficient.
>
> Then we could redirect the MSN traffic to ipfw or ip-filters and make
> it all transparent to our customers.
>
> We think that we can do this for the most important applications to
> solve this problem, and it's very important because we use a lot of PAT and
> many applications can't work with their complete features.
>
> Is it possible to do this with ipfw? Is anybody working around this?
>
> Any idea or comment would be helpful!!
>
> Thanks.
>
> Ramiro Vazquez
> Megacable
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message