Date:      Thu, 24 Jan 2002 23:28:26 -0700
From:      "Steve" <sdrew@home.com>
To:        "'Ruslan Ermilov'" <ru@FreeBSD.ORG>, "'Ramiro Vázquez'" <lrvazquez@megared.net.mx>
Cc:        <freebsd-ipfw@FreeBSD.ORG>
Subject:   RE: Using ipfw to make a "Dynamic NAT depending of protocol L7"
Message-ID:  <000001c1a569$7f4df890$0500000a@stevehome>
In-Reply-To: <20020122192603.C58453@sunbay.com>


Adding support to libalias would be great interim solution that we could
all benefit from.

I've heard that Windows Messenger with Windows XP uses the SIP protocol,
whereas MSN Messenger used some other hybrid.

Assuming everything is moving to SIP, here is a good document about the
protocol, which includes how to design this into a NAT system (i.e.
libalias): http://www.cs.columbia.edu/sip/drafts/Ther0005_SIP.pdf  This
might help someone who has the time to get this going; I know many of us
would be grateful.

Steve.

-----Original Message-----
From: owner-freebsd-ipfw@FreeBSD.ORG
[mailto:owner-freebsd-ipfw@FreeBSD.ORG] On Behalf Of Ruslan Ermilov
Sent: Tuesday, January 22, 2002 10:26 AM
To: Ramiro Vázquez
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Using ipfw to make a "Dynamic NAT depending of protocol L7"


On Tue, Jan 22, 2002 at 11:19:27AM -0600, Ramiro Vázquez wrote:
> Hi,
> 
>     We work at a cable ISP and we are using NAT & PAT to provide 
> enough IP addresses to our customers.
> 
>     We have experienced problems with certain applications, mostly 
> with peer-to-peer applications like MSN Messenger.
>     Some features like the send-file function don't work.
>     We put up a sniffer and discovered that when one of our customers
> tries to send a file to someone outside our net it does this:
>     1.- The application opens a port (6891-6899).
>     2.- Sends the IP of the machine (the private IP) and the port 
> that it is listening on.
>     3.- The other peer tries to connect to the private IP and the port
> that it had received.
>     4.- The connection fails.
> 
>     We modified a proxy to change the packet that the application sends 
> with the private IP and the local port, replacing them with a public IP
> and another port; then the proxy sends these changes to an application 
> that just maps or forwards the port that we sent to the peer outside 
> to the real IP and port of our customer.
> 
>     This solution works and we are going to begin testing with more 
> connections, but maybe it is not the best solution; one disadvantage is 
> that the customer must specify a proxy and it's hard work.
> 
>     We think that if we could make these changes with ipfw or 
> ip-filters and then add a rule to natd or ip-nat to forward the port, 
> it would be more efficient.
> 
>     Then we can redirect the traffic of MSN to ipfw or ip-filters and 
> make it all transparent to our customers.
> 
>     We think that we can do this for the most important applications 
> to solve this problem, and it's very important because we use a lot of 
> PAT and many applications can't work with their complete features.
> 
>     Is it possible to make this with ipfw??   Is anybody working on
> this??
> 
>     Any idea or comment would be helpful!!
> 
If you know MSN protocol, it should be pretty easy to add the required
glue to libalias(3) to do the necessary payload stubs, etc., so that
this works transparently through a natd(8) and/or ppp(8).


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message


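The four-step failure Ramiro describes (the application listens on a port in 6891-6899, advertises its private IP and port inside the payload, and the remote peer then connects to an address that is not routable from outside) and Ruslan's suggestion of a libalias(3) helper are, in outline, an application-layer gateway: rewrite the embedded address to the NAT's public address and a port the NAT has reserved, remember that mapping so the peer's inbound connection can be forwarded to the real host, and keep TCP sequence numbers consistent when the rewrite changes the payload length. The C sketch below is an added example, not libalias, natd or MSN code; the control-message format "INVITE <ip> <port>\r\n" is constructed for illustration (the thread does not give the real MSN file-transfer message), and the public port range, the 203.0.113.7 public address and the 10.0.0.x private hosts are assumptions.

```c
/* Toy application-layer gateway (ALG) in the spirit of a libalias payload
 * helper. Added example; not libalias/natd code. The "INVITE <ip> <port>"
 * message format, the public port base and all addresses are assumptions. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define MAX_MAPS         16
#define PUBLIC_PORT_BASE 40000   /* assumed: ports the NAT reserves for forwarding */
#define APP_PORT_LO      6891    /* listening-port range reported in the thread */
#define APP_PORT_HI      6899

struct port_map {
    char private_ip[16];
    int  private_port;
    int  public_port;
    int  in_use;
};

struct alg_state {
    char public_ip[16];
    struct port_map maps[MAX_MAPS];
    long seq_delta;   /* bytes added to (or removed from) the outbound TCP stream by rewrites */
};

void alg_init(struct alg_state *s, const char *public_ip)
{
    memset(s, 0, sizeof *s);
    strncpy(s->public_ip, public_ip, sizeof s->public_ip - 1);
}

/* Return the public port mapped to priv_ip:priv_port, allocating one if needed.
 * Returns -1 when the mapping table is full. */
int alg_map_port(struct alg_state *s, const char *priv_ip, int priv_port)
{
    int i, free_slot = -1;
    for (i = 0; i < MAX_MAPS; i++) {
        struct port_map *m = &s->maps[i];
        if (m->in_use && m->private_port == priv_port && strcmp(m->private_ip, priv_ip) == 0)
            return m->public_port;                 /* existing mapping: reuse it */
        if (!m->in_use && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return -1;
    struct port_map *m = &s->maps[free_slot];
    strncpy(m->private_ip, priv_ip, sizeof m->private_ip - 1);
    m->private_ip[sizeof m->private_ip - 1] = '\0';
    m->private_port = priv_port;
    m->public_port  = PUBLIC_PORT_BASE + free_slot;
    m->in_use       = 1;
    return m->public_port;
}

/* An inbound SYN arrives at public_port: find the private host:port it belongs to.
 * Returns 1 and fills the outputs on a hit, 0 when no mapping exists. */
int alg_lookup(const struct alg_state *s, int public_port,
               char *priv_ip_out, size_t n, int *priv_port_out)
{
    for (int i = 0; i < MAX_MAPS; i++) {
        const struct port_map *m = &s->maps[i];
        if (m->in_use && m->public_port == public_port) {
            snprintf(priv_ip_out, n, "%s", m->private_ip);
            *priv_port_out = m->private_port;
            return 1;
        }
    }
    return 0;
}

/* Rewrite an outbound control message of the constructed form "INVITE <ip> <port>\r\n".
 * Returns 1 if rewritten, 0 if the payload was not ours and was copied through
 * unchanged, -1 on error. Tracks the length change for sequence-number fixing. */
int alg_rewrite(struct alg_state *s, const char *in, char *out, size_t outsz)
{
    char ip[16];
    int port, n;
    if (sscanf(in, "INVITE %15s %d", ip, &port) != 2 || port < APP_PORT_LO || port > APP_PORT_HI) {
        n = snprintf(out, outsz, "%s", in);       /* not an INVITE we handle: pass through */
        return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
    }
    int pub = alg_map_port(s, ip, port);
    if (pub < 0)
        return -1;
    n = snprintf(out, outsz, "INVITE %s %d\r\n", s->public_ip, pub);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    s->seq_delta += (long)n - (long)strlen(in);   /* peer now sees a longer/shorter stream */
    return 1;
}

/* The peer's ACK numbers count the rewritten stream; undo the delta before
 * delivering an inbound segment to the private host. */
uint32_t alg_fix_inbound_ack(const struct alg_state *s, uint32_t ack)
{
    return (uint32_t)(ack - (uint32_t)s->seq_delta);
}

int main(void)
{
    struct alg_state st;
    char out[128], ip[16];
    int port;
    alg_init(&st, "203.0.113.7");   /* assumed public address of the NAT */
    alg_rewrite(&st, "INVITE 10.0.0.5 6891\r\n", out, sizeof out);   /* constructed payload */
    printf("outbound rewritten to: %s", out);
    if (alg_lookup(&st, 40000, ip, sizeof ip, &port))
        printf("inbound SYN to :40000 forwards to %s:%d\n", ip, port);
    printf("peer ACK 1004 delivered as %u\n", alg_fix_inbound_ack(&st, 1004));
    return 0;
}
```

The point of the seq_delta bookkeeping is the part the customer-side proxy in the thread never has to think about: a transparent rewrite on the forwarding path changes the number of bytes the remote peer receives, so every later sequence number from the client and every ACK from the peer must be shifted, which is exactly the kind of state a libalias helper has to keep per connection. A real helper would also expire mappings when the control connection closes and would be keyed by the connection, not by the private address alone.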