Date:      Mon, 18 Dec 2017 01:42:24 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Sami Halabi <sodynet1@gmail.com>
Cc:        freebsd-net@freebsd.org, FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: need help using ng_patch to modify src/dst packets or alternative way
Message-ID:  <5A36BA90.8020302@grosbein.net>
In-Reply-To: <CAEW%2BogY8erHN=ZnKCqxxVx8Ww=2eVL4bm1CtMXyZhESTzM-SXA@mail.gmail.com>
References:  <CAEW%2BogbYXwMZUmbd%2BpmhgNPY-_7ZYHF4EeOWYgq%2B0iuG_hr2Mw@mail.gmail.com> <CAEW%2Bogae4BfmzSk4QU%2B4EHGE4E1BKO-mq2BAm1dvXCuh8DCYTg@mail.gmail.com> <CAEW%2BogZfrmj-ZJoCp_WExc5K4Gck-yFBUo5q%2BjJ6Wao3LygXmQ@mail.gmail.com> <CAEW%2BogYtdg2xUtyfWSLCwhyOypY-DT6c=BzOszcTMrCacp8jsQ@mail.gmail.com> <CAEW%2BogbJU5qtNsENkMA8-=kV8BsOMhP4biEsxtLfr-t54NE4=g@mail.gmail.com> <CAEW%2BogYzjpMzWSTxNDtKvEQgo3HpzuCgDh6Vs5_EKxM%2BCfGWtg@mail.gmail.com> <CAEW%2BogZpBhMpfZpRJa3LR_yzgeFWSRZhezaeVZ6JmYcoDy6xQg@mail.gmail.com> <CAEW%2BogZukjbh2zqcMWzc7R1zVzwyGiLfG=JZeZdcJbana5jhDg@mail.gmail.com> <CAEW%2BogbOVzpeDkDrWgDud8ttUVSPuaOEJ_Dw%2BQxfshZ4zTSVKQ@mail.gmail.com> <CAEW%2BogbaR=k1H2_1MYXjHCEKTFUYCo5k9cn-fOm3bT5VJaQpGg@mail.gmail.com> <CAEW%2BogZ1-R97P6MhECcLYjdKr4ZFKUhnuMvk7r2eN2F8-E1LNA@mail.gmail.com> <CAEW%2BogaxHp387AZGBBHQChz4VP5pH-TW9eCFGd2YeW_fcuVVSA@mail.gmail.com> <5A3638E5.6090308@grosbein.net> <CAEW%2BogY8erHN=ZnKCqxxVx8Ww=2eVL4bm1CtMXyZhESTzM-SXA@mail.gmail.com>

17.12.2017 17:59, Sami Halabi wrote:

> Hi Eugene,
> I'm looking for a solution for IP traffic. In Linux iptables it's possible but I couldn't find a FreeBSD way yet.
> bkuncr solution works for TCP only.

Then, you need to realize that for every packet, you need to change (translate)
both the source IP address from 10.1.1.2 to 1.1.1.1 and the destination IP address
from 10.1.1.1 to X.X.X.X. This is called network address translation and,
in fact, you need NAT. But not ordinary "simple" NAT that translates
only source address in outgoing packets (and destination in incoming replies)
but double or "binat" to translate destination address in outgoing packets too
(and source address in corresponding replies).

This is possible to do with two instances of "ipfw nat" (or natd) for a single external destination
but not for an arbitrary number of external destinations.

They say the "pf(4)" packet filter can perform "binat" properly.
I have not tried that. You should start reading its documentation.
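
Added example, not part of the original message and not ipfw or pf code: a stateless sketch of the double translation described above, rewriting both addresses in an IPv4 header and recomputing the header checksum, with the reverse mapping applied to replies. 203.0.113.10 is a documentation-range placeholder for the elided X.X.X.X, and the sample packets are constructed ICMP headers (TCP and UDP would also need their pseudo-header checksums updated).

```python
import ipaddress
import struct

# 10.1.1.2, 1.1.1.1 and 10.1.1.1 come from the message above;
# REAL_DST is a constructed placeholder for the elided X.X.X.X.
INSIDE_HOST = "10.1.1.2"
PUBLIC_SRC = "1.1.1.1"
INSIDE_ALIAS = "10.1.1.1"
REAL_DST = "203.0.113.10"

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, proto: int = 1) -> bytes:
    """Build a 20-byte IPv4 header with a valid checksum (constructed input)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def rewrite(packet: bytes, src_map: dict, dst_map: dict) -> bytes:
    """Translate source and destination, then recompute the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = ipaddress.IPv4Address(src_map.get(src, src)).packed
    hdr[16:20] = ipaddress.IPv4Address(dst_map.get(dst, dst)).packed
    hdr[10:12] = b"\x00\x00"  # checksum field must be zero while summing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def outbound(packet: bytes) -> bytes:
    """Outgoing direction: translate the source and the destination."""
    return rewrite(packet, {INSIDE_HOST: PUBLIC_SRC}, {INSIDE_ALIAS: REAL_DST})

def inbound(packet: bytes) -> bytes:
    """Reply direction: undo both translations."""
    return rewrite(packet, {REAL_DST: INSIDE_ALIAS}, {PUBLIC_SRC: INSIDE_HOST})

def addresses(packet: bytes) -> tuple:
    """Return (source, destination) as dotted-quad strings."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))
```

Because the mapping here is a fixed table, it covers exactly one external destination; handling an arbitrary number of destinations needs per-flow state, which is the limitation the message points out.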


