Message-ID: <4FE0142A.80003@skoberne.net>
Date: Tue, 19 Jun 2012 07:54:50 +0200
From: Nejc Škoberne
To: freebsd-pf@freebsd.org
Subject: Source port translation only

Hi,

I want to do (stateful) source port translation (restriction actually) on my outgoing packets, but no source address translation. And I want to do it for IPv6. So if there is a TCP packet like this:

SRC ADDR: 2001:db8::10
DST ADDR: 2001:c0de:
SRC PORT: 53523
DST PORT: 80

I want to translate it so that the source port falls into a specific port range, say [1024:2047]:

SRC ADDR: 2001:db8::10
DST ADDR: 2001:c0de:
SRC PORT: 1500
DST PORT: 80

If the source port is already in the requested port range, no translation is needed (but the state has to be kept anyway).

Is this possible to do with pf? If not, does anybody know of any other (simple) way to do it?

Thanks,
Nejc