Date: Fri, 25 Feb 2011 10:28:48 -0500
From: Michael Scheidell <michael.scheidell@secnap.com>
To: <freebsd-ipfw@freebsd.org>
Subject: looking to translate SRC port as well.
Message-ID: <4D67CAB0.7090700@secnap.com>
In short, I have a SIP server that is very restrictive on the dst port, and a SIP trunk provider that is very restrictive on src ports.

Naturally, it's a great SIP server and a great SIP trunk service, and the ports each one demands are not the same.

The SIP server listens on UDP port 5080, and the SIP trunk provider MUST send TO UDP port 5060. (Easy, right?) No: when the SIP server sends to the SIP trunk provider, the SIP trunk provider must think the SIP server src port is 5060 also! (And it is not.)

So, the SIP server must think it is sending and receiving SIP on port 5080, and the SIP trunk must think it is sending and receiving on port 5060.

I have looked at ipfw/divert sockets, netawk, and natd, trying to find the easiest way to do it. I thought about writing a Perl module and having ipfw divert to it (Perl has optional divert socket pm's).

The traffic map should look like this:

inbound:
em0: siptrunk.sipprovider.com:5060 -> em1: sipswitch.secnap.com:5060 (leg before translation)
after translation:
em0: siptrunk.sipprovider.com:5080 -> em1: sipswitch.secnap.com:5080

outbound:
em1: sipswitch.secnap.com:5080 -> em0: siptrunk.sipprovider.com:5080 (leg before translation)
em1: sipswitch.secnap.com:5060 -> em0: siptrunk.sipprovider.com:5060 (leg after translation)

See, it's not just the dst port I need translated, but the src port that the other side sees as well.

Additional notes: I can capture inbound and outbound via if_bridge, since em0 and em1 are using a transparent ipfw->if_bridge fw.

-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation

* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security, 2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
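The per-packet rewrite that a divert-socket helper like the one described above would have to perform, as an added example that is not part of the original message: both UDP ports are swapped between 5060 and 5080 according to direction and the UDP checksum is recomputed. Assumptions: the buffer holds one complete IPv4 packet in network byte order; the names `translate`, `udp_checksum` and `csum16` are hypothetical; only the UDP header is rewritten, so ports carried inside the SIP payload are left untouched.

```python
import struct

# Port pair taken from the message: trunk side 5060, SIP server side 5080.
TRUNK_PORT, SERVER_PORT = 5060, 5080

def csum16(data: bytes) -> int:
    """Internet checksum (one's complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src_ip: bytes, dst_ip: bytes, udp: bytes) -> int:
    """UDP checksum over the IPv4 pseudo-header plus the UDP segment."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(udp))
    return csum16(pseudo + udp) or 0xFFFF  # a computed 0 is sent as 0xFFFF

def translate(packet: bytes, inbound: bool) -> bytes:
    """Rewrite the src and dst UDP ports; anything else passes unchanged.

    inbound=True  : trunk -> server, 5060 becomes 5080
    inbound=False : server -> trunk, 5080 becomes 5060
    """
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        return packet                      # not IPv4/UDP
    ihl = (packet[0] & 0x0F) * 4
    frag = struct.unpack("!H", packet[6:8])[0] & 0x3FFF
    if frag or len(packet) < ihl + 8:
        return packet                      # fragment or truncated UDP header
    old, new = (TRUNK_PORT, SERVER_PORT) if inbound else (SERVER_PORT, TRUNK_PORT)
    sport, dport, length, old_sum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if old not in (sport, dport):
        return packet                      # not the SIP signalling flow
    sport = new if sport == old else sport
    dport = new if dport == old else dport
    body = packet[ihl + 8:]
    new_sum = 0                            # checksum 0 means "none"; keep it so
    if old_sum:
        zeroed = struct.pack("!HHHH", sport, dport, length, 0) + body
        new_sum = udp_checksum(packet[12:16], packet[16:20], zeroed)
    # The IP header is untouched, so its own checksum stays valid.
    return packet[:ihl] + struct.pack("!HHHH", sport, dport, length, new_sum) + body
```
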