From owner-freebsd-ipfw@FreeBSD.ORG Fri Feb 25 19:51:56 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2FA46106567A for ; Fri, 25 Feb 2011 19:51:56 +0000 (UTC) (envelope-from dima_bsd@inbox.lv) Received: from mgw1.apollo.lv (mgw1.apollo.lv [80.232.168.216]) by mx1.freebsd.org (Postfix) with ESMTP id E5EEB8FC13 for ; Fri, 25 Feb 2011 19:51:55 +0000 (UTC) Received: from [46.109.210.164] (unknown [46.109.210.164]) by mgw1.apollo.lv (Postfix) with ESMTP id A481B3D6CB8; Fri, 25 Feb 2011 21:35:44 +0200 (EET) From: Dmitriy Demidov To: michael.scheidell@secnap.com, freebsd-ipfw@freebsd.org Date: Fri, 25 Feb 2011 19:35:43 +0000 User-Agent: KMail/1.9.10 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <201102251935.43414.dima_bsd@inbox.lv> X-Brightmail-Tracker: AAAAAA== Cc: Subject: Re: looking to translate SRC port as well. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Feb 2011 19:51:56 -0000 > In short, I have a sip server that is very restrictive on the dst port, > and a sip trunk provider that is very restrictive on src ports. > Naturally, its a great sip server, and a great sip trunk service, and > the ports each one demands are not the same. > the sip server listens on udp port 5080, and the sip trunk provider MUST > send TO udp port 5060. > (easy, right?) no, when the sip server sends to the sip trunk provider, > the sip trunk provider must think the sip server src port is 5060 also! > (and it is not) > So, the sip server must think it is sending and receiving sip on port > 5080, the sip trunk must think it is sending and receiving on port 5060. > I have looked at ipfw/divert sockets, netawk, natd, and trying to find > the easiest way to do it. > I thought about writing a perl module, and have ipfw divert to it (perl > has optional divert socket pm's) Hi, you can try to use Netgraph and ng_path node to alter src/dst UDP port number in outgoing/incoming packets flow. This node allows you change just *anything* in the packet. Take a look at man page for ng_path: www.freebsd.org/cgi/man.cgi?query=ng_patch&apropos=0&sektion=0&manpath=FreeBSD+8.1-stable&format=html Good luck.