Date: Tue, 10 Dec 2013 17:51:18 -0700
From: John Nielsen <lists@jnielsen.net>
To: Yuri <yuri@rawbw.com>
Cc: net@freebsd.org
Subject: Re: How to forward UDP packets to another port and get responses with port translation?
Message-ID: <AF9C2EC0-661E-4AF8-893A-F578B49C461A@jnielsen.net>
In-Reply-To: <529D053D.8050700@rawbw.com>
References: <529D053D.8050700@rawbw.com>

On Dec 2, 2013, at 3:10 PM, Yuri <yuri@rawbw.com> wrote:

> I would like to translate the port in all DNS requests, so that the server works on the different port (ex. 1053) on the same net and the client works on the original port 53.
>
> I am thinking about two approaches:
> * forward packets into the server:
> ipfw add 200 fwd 192.168.10.1,1053 udp from 192.168.10.0/24 to 192.168.10.1 53
> The problem with routing responses is that natd(8) doesn't allow to change the source port, only the source address. There is -alias_address option but no -alias_port option.
>
> * divert and natd(8):
> natd -port 8668 -interface tap0 -redirect_port udp 192.168.10.1:1053 53
> $IPF 200 divert natd udp from 192.168.10.0/24 to 192.168.10.1 53 via tap0 keep-state
>
> In both cases reply packets have the source port 1053, and it isn't clear how to make it 53.
> It seems that divert only passes to natd(8) packets from one direction, and not from the other.
>
> Is there a way to properly translate the ports back and forth in such simple UDP communication?

A single nat instance with redirect_port _should_ do what you are asking for; in the above it looks like the responses are bypassing the nat.

Here's an untested off-the-top-of-my head snippet (using libalias rather than natd):

ipfw nat 100 config ip 192.168.10.1 redirect_port udp 192.168.10.1:1053 53
ipfw add 100 nat 100 ip4 from 192.168.10.0/24 to 192.168.10.1 53
ipfw add 200 nat 100 ip4 from 192.168.10.1 1053 to 192.168.10.0/24

Hope that points you in the right direction.

JN
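
Added example (not part of the original message, and not libalias or ipfw code): a simplified Python model of one NAT instance holding a single redirect_port entry, showing why the reply has to traverse the same instance as the request before its source port reads 53 again. The client address 192.168.10.7 and port 40000 are constructed sample values, and the class and function names are hypothetical.

```python
from typing import NamedTuple, Tuple

Endpoint = Tuple[str, int]  # (ip, port)

class Packet(NamedTuple):
    proto: str
    src: Endpoint
    dst: Endpoint

class RedirectNat:
    """Simplified model of a NAT instance with one static port redirect."""

    def __init__(self, proto: str, target: Endpoint, alias: Endpoint):
        self.proto, self.target, self.alias = proto, target, alias

    def translate(self, pkt: Packet) -> Packet:
        if pkt.proto != self.proto:
            return pkt
        if pkt.dst == self.alias:    # request aimed at the public port
            return pkt._replace(dst=self.target)
        if pkt.src == self.target:   # reply leaving the real server port
            return pkt._replace(src=self.alias)
        return pkt

def client_accepts(query: Packet, reply: Packet) -> bool:
    """A resolver only accepts a reply from the endpoint it queried."""
    return reply.src == query.dst and reply.dst == query.src

def round_trip(nat: RedirectNat, query: Packet, reply_through_nat: bool):
    """Return (packet the server sees, packet the client sees)."""
    delivered = nat.translate(query)
    reply = Packet(query.proto, src=delivered.dst, dst=delivered.src)
    if reply_through_nat:            # a rule matching the return direction
        reply = nat.translate(reply)
    return delivered, reply

# Mirrors "redirect_port udp 192.168.10.1:1053 53" from the message above.
NAT = RedirectNat("udp", target=("192.168.10.1", 1053),
                  alias=("192.168.10.1", 53))
# Constructed sample query from a client on 192.168.10.0/24.
QUERY = Packet("udp", src=("192.168.10.7", 40000), dst=("192.168.10.1", 53))

if __name__ == "__main__":
    for through in (True, False):
        delivered, reply = round_trip(NAT, QUERY, through)
        print(f"reply via nat={through}: server saw dst port "
              f"{delivered.dst[1]}, client saw src port {reply.src[1]}, "
              f"accepted={client_accepts(QUERY, reply)}")
```
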