Date:      Thu, 03 Jul 2003 17:53:51 +0000
From:      "B Franks" <bsf_40@hotmail.com>
To:        freebsd-questions@freebsd.org
Subject:   ipfw/natd/divert question
Message-ID:  <Law10-F99qTnrrXj7gC00004144@hotmail.com>

I'd like to come up with a ruleset that handles the following example.  Suppose I 
have a daemon listening on port 2000 and I'd like outside clients to be able 
to communicate with the daemon by addressing traffic to port 2000 or port 
2001.  So,

suppose I have for my natd configuration:
  -redirect_port tcp 1.2.3.4:2000 1.2.3.4:2001

And then in my ipfw ruleset, if I use:
  add 100 divert natd tcp from any to 1.2.3.4 2001 in via rl0
  add 101 divert natd tcp from 1.2.3.4 2000 to any out via rl0

It seems that traffic coming in normally to 1.2.3.4:2000 would enter fine.  
And traffic coming into 1.2.3.4:2001 would be diverted to natd which would 
rewrite the destination port as 1.2.3.4:2000.  So far so good.  But my 
concern is with the 101 ipfw rule...wouldn't it always rewrite traffic 
leaving from 1.2.3.4:2000 as 1.2.3.4:2001?  In which case is there a way to 
distinguish the outbound divert to only take place if the traffic was 
initially diverted on the way in...some sort of divert keep-state?

Thanks for any help or explanations.

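To illustrate the "divert keep-state" behaviour the question asks about, here is an added model (not natd's code, and not from the original post) of a port redirect that remembers which client flows arrived via the alias port. It assumes a translator that keeps per-flow state, so the outbound rewrite from 2000 to 2001 applies only to replies in a flow that was redirected on the way in; the client addresses 10.0.0.5 and 10.0.0.6 are constructed sample values.

```python
# Added illustration: a minimal model of a flow-tracking port redirect,
# using the server address and ports from the question. Assumption: the
# translator keeps one entry per redirected client flow, like a stateful NAT.

from dataclasses import dataclass

SERVER = "1.2.3.4"
REAL_PORT = 2000      # port the daemon actually listens on
ALIAS_PORT = 2001     # extra port clients may address (the -redirect_port alias)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class FlowRedirect:
    """Inbound: dst ALIAS_PORT -> REAL_PORT and remember the client flow.
    Outbound: src REAL_PORT -> ALIAS_PORT only for replies to remembered flows."""

    def __init__(self):
        self.flows = set()  # (client_addr, client_port) pairs that came in via ALIAS_PORT

    def inbound(self, p: Packet) -> Packet:
        # Counterpart of rule 100: only traffic to SERVER:ALIAS_PORT is translated.
        if p.dst == SERVER and p.dport == ALIAS_PORT:
            self.flows.add((p.src, p.sport))
            return Packet(p.src, p.sport, p.dst, REAL_PORT)
        return p  # traffic addressed directly to SERVER:REAL_PORT passes untouched

    def outbound(self, p: Packet) -> Packet:
        # Counterpart of rule 101, but keyed on remembered state: a reply from
        # SERVER:REAL_PORT is rewritten only if that client arrived via ALIAS_PORT.
        if p.src == SERVER and p.sport == REAL_PORT and (p.dst, p.dport) in self.flows:
            return Packet(p.src, ALIAS_PORT, p.dst, p.dport)
        return p


def demo():
    """Constructed scenario: one client uses port 2001, another uses 2000 directly."""
    nat = FlowRedirect()
    via_alias = nat.inbound(Packet("10.0.0.5", 40000, SERVER, ALIAS_PORT))
    direct = nat.inbound(Packet("10.0.0.6", 40001, SERVER, REAL_PORT))
    reply_alias = nat.outbound(Packet(SERVER, REAL_PORT, "10.0.0.5", 40000))
    reply_direct = nat.outbound(Packet(SERVER, REAL_PORT, "10.0.0.6", 40001))
    return via_alias.dport, direct.dport, reply_alias.sport, reply_direct.sport


if __name__ == "__main__":
    print(demo())  # (2000, 2000, 2001, 2000)
```

Both inbound packets reach the daemon on port 2000, but only the reply to the client that used port 2001 is rewritten back to 2001; the directly connected client's reply keeps source port 2000.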


