From owner-freebsd-net@FreeBSD.ORG  Mon Dec  2 22:10:06 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 69AFF3DA
 for <net@freebsd.org>; Mon,  2 Dec 2013 22:10:06 +0000 (UTC)
Received: from shell0.rawbw.com (shell0.rawbw.com [198.144.192.45])
 by mx1.freebsd.org (Postfix) with ESMTP id 5704E1D3C
 for <net@freebsd.org>; Mon,  2 Dec 2013 22:10:05 +0000 (UTC)
Received: from eagle.yuri.org (stunnel@localhost [127.0.0.1])
 (authenticated bits=0)
 by shell0.rawbw.com (8.14.4/8.14.4) with ESMTP id rB2MA5NU043505
 for <net@freebsd.org>; Mon, 2 Dec 2013 14:10:05 -0800 (PST)
 (envelope-from yuri@rawbw.com)
Message-ID: <529D053D.8050700@rawbw.com>
Date: Mon, 02 Dec 2013 14:10:05 -0800
From: Yuri <yuri@rawbw.com>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: net@freebsd.org
Subject: How to forward UDP packets to another port and get responses with
 port translation?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Dec 2013 22:10:06 -0000

I would like to translate the port in all DNS requests, so that the 
server works on the different port (ex. 1053) on the same net and the 
client works on the original port 53.

I am thinking about two approaches:
* forward packets into the server:
ipfw add 200 fwd 192.168.10.1,1053 udp from 192.168.10.0/24 to 
192.168.10.1 53
The problem with routing responses is that natd(8) doesn't allow to 
change the source port, only the source address. There is -alias_address 
option but no -alias_port option.

* divert and natd(8):
natd -port 8668 -interface tap0 -redirect_port udp 192.168.10.1:1053 53
$IPF 200 divert natd udp from 192.168.10.0/24 to 192.168.10.1 53 via 
tap0 keep-state

In both cases reply packets have the source port 1053, and it isn't 
clear how to make it 53.
It seems that divert only passes to natd(8) packets from one direction, 
and not from the other.

Is there a way to properly translate the ports back and forth in such 
simple UDP communication?

Yuri