Date: Thu, 03 Jul 2003 17:53:51 +0000
From: "B Franks" <bsf_40@hotmail.com>
To: freebsd-questions@freebsd.org
Subject: ipfw/natd/divert question
Message-ID: <Law10-F99qTnrrXj7gC00004144@hotmail.com>
I'd like to come up with a ruleset that handles the following example. Suppose I have a daemon listening on port 2000 and I'd like outside clients to be able to communicate with the daemon by addressing traffic to port 2000 or port 2001.

So, suppose I have for my natd configuration:

    -redirect_port tcp 1.2.3.4:2000 1.2.3.4:2001

And then in my ipfw ruleset, if I use:

    add 100 divert natd tcp from any to 1.2.3.4 2001 in via rl0
    add 101 divert natd tcp from 1.2.3.4 2000 to any out via rl0

It seems that traffic coming in normally to 1.2.3.4:2000 would enter fine. And traffic coming into 1.2.3.4:2001 would be diverted to natd, which would rewrite the destination port as 1.2.3.4:2000. So far so good.

But my concern is with the 101 ipfw rule...wouldn't it always rewrite traffic leaving from 1.2.3.4:2000 as 1.2.3.4:2001? In which case, is there a way to distinguish the outbound divert to only take place if the traffic was initially diverted on the way in...some sort of divert keep-state?

Thanks for any help or explanations.
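The "divert keep-state" behaviour the poster is asking for, written out as a small added model (not natd or libalias code, and not a claim about how natd actually handles rule 101): inbound traffic to 1.2.3.4:2001 is rewritten to :2000 and the client flow is recorded, and outbound replies from :2000 are rewritten back to :2001 only for recorded flows. The client addresses and ports are constructed for the demonstration.

```python
# Added model of a stateful port redirect; not natd/libalias code.
from dataclasses import dataclass

SERVER = "1.2.3.4"
# Mirrors "-redirect_port tcp 1.2.3.4:2000 1.2.3.4:2001" from the post.
PUBLIC_PORT, DAEMON_PORT = 2001, 2000


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulRedirect:
    """Remembers (client, client_port) of flows that arrived on PUBLIC_PORT."""

    def __init__(self):
        self.redirected = set()

    def inbound(self, pkt):
        # Analogue of rule 100: only traffic to 1.2.3.4:2001 is rewritten to
        # :2000, and the flow is recorded so the reply can be mapped back.
        if pkt.dst == SERVER and pkt.dport == PUBLIC_PORT:
            self.redirected.add((pkt.src, pkt.sport))
            return Packet(pkt.src, pkt.sport, SERVER, DAEMON_PORT)
        return pkt

    def outbound(self, pkt):
        # Analogue of rule 101, but stateful: a reply from :2000 becomes :2001
        # only when the peer's flow was redirected on the way in; connections
        # that arrived directly on :2000 leave untouched.
        if (pkt.src == SERVER and pkt.sport == DAEMON_PORT
                and (pkt.dst, pkt.dport) in self.redirected):
            return Packet(SERVER, PUBLIC_PORT, pkt.dst, pkt.dport)
        return pkt


def demo():
    """Constructed clients: 10.0.0.5 connects via :2001, 10.0.0.6 via :2000."""
    nat = StatefulRedirect()
    via_2001 = nat.inbound(Packet("10.0.0.5", 40000, SERVER, 2001))
    via_2000 = nat.inbound(Packet("10.0.0.6", 40001, SERVER, 2000))
    reply_a = nat.outbound(Packet(SERVER, 2000, "10.0.0.5", 40000))
    reply_b = nat.outbound(Packet(SERVER, 2000, "10.0.0.6", 40001))
    # Both reach the daemon on :2000; only the :2001 client's reply is rewritten.
    return via_2001.dport, via_2000.dport, reply_a.sport, reply_b.sport
```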