From: Nejc Škoberne
Date: Mon, 05 Nov 2012 14:13:15 -0500
To: freebsd-ipfw@freebsd.org
Subject: Source port translation only
Message-ID: <50980FCB.9060905@skoberne.net>

Hi,

I want to do (stateful) source port translation (restriction actually) on my gateway device, but no source address translation. And I want to do it for IPv6. So if there is a TCP packet like this:

  SRC ADDR: 2001:db8::10
  DST ADDR: 2001:c0de:
  SRC PORT: 53523
  DST PORT: 80

I want to translate it so that the source port falls into a specific port range, say [1024:2047]:

  SRC ADDR: 2001:db8::10
  DST ADDR: 2001:c0de:
  SRC PORT: 1500
  DST PORT: 80

If the source port is already in the requested port range, no translation is needed (but the state has to be kept anyway).

Is this possible to do with ipfw? If not, does anybody know of any other (simple) way to do it?

Thanks,
Nejc