looking to translate SRC port as well.

Michael Scheidell michael.scheidell at secnap.com
Fri Feb 25 15:48:27 UTC 2011


In short, I have a sip server that is very restrictive on the dst port, 
and a sip trunk provider that is very restrictive on src ports.

Naturally, it's a great sip server, and a great sip trunk service, and 
the ports each one demands are not the same.
the sip server listens on udp port 5080, and the sip trunk provider MUST 
send TO udp port 5060.
(easy, right?) no, when the sip server sends to the sip trunk provider, 
the sip trunk provider must think the sip server src port is 5060 also!
(and it is not)

So, the sip server must think it is sending and receiving sip on port 
5080, the sip trunk must think it is sending and receiving on port 5060.

I have looked at ipfw/divert sockets, netawk, natd, and trying to find 
the easiest way to do it.

I thought about writing a perl module, and have ipfw divert to it (perl 
has optional divert socket pm's)

traffic map should look like this inbound:

em0: siptrunk.sipprovider.com:5060 ->   em1: sipswitch.secnap.com:5060 
(leg before translation)
after translation:
em0: siptrunk.sipprovider.com:5080 -> em1: sipswitch.secnap.com:5080.

outbound:
em1:sipswitch.secnap.com:5080 -> em0: siptrunk.sipprovider.com:5080 (leg 
before translation)
em1: sipswitch.secnap.com:5060 -> em0: siptrunk.sipprovider.com:5060 
(leg after translation)

see, it's not just the dst port I need translated, but the src port that 
the other side sees as well.

additional notes:

I can capture inbound and outbound via if_bridge, since em0 and em1 are 
using a transparent ipfw->if_bridge fw.


-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best in Email Security,2010: Network Products Guide
    * King of Spam Filters, SC Magazine 2008

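The translation described in the message above, shown as the packet-rewriting step a divert-socket helper would have to perform: both UDP ports are swapped per direction and the UDP checksum is recomputed. This is an added example, not code from the original post or from ipfw/natd. The function names, the constructed sample packet with documentation addresses, and the use of Python rather than Perl are assumptions, and only the UDP header is rewritten, not any port carried inside SIP headers.

```python
import struct

SERVER_PORT = 5080   # port the SIP server uses (from the post)
TRUNK_PORT = 5060    # port the trunk provider insists on (from the post)

def _csum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src_ip: bytes, dst_ip: bytes, udp: bytes) -> int:
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(udp))
    return _csum(pseudo + udp) or 0xFFFF   # 0 on the wire means "no checksum"

def translate(packet: bytes, inbound: bool) -> bytes:
    """Rewrite src and dst UDP ports; inbound means trunk -> SIP server."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != 17:
        return packet                      # not IPv4/UDP: pass through
    if struct.unpack("!H", packet[6:8])[0] & 0x3FFF:
        return packet                      # fragment: cannot recompute checksum
    ihl = (packet[0] & 0x0F) * 4
    old, new = (TRUNK_PORT, SERVER_PORT) if inbound else (SERVER_PORT, TRUNK_PORT)
    sport, dport, length, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if old not in (sport, dport):
        return packet                      # unrelated UDP traffic
    sport = new if sport == old else sport
    dport = new if dport == old else dport
    payload = packet[ihl + 8:ihl + length]
    udp = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = udp_checksum(packet[12:16], packet[16:20], udp)
    # The IP header is untouched, so its own checksum stays valid.
    return packet[:ihl] + udp[:6] + struct.pack("!H", csum) + payload + packet[ihl + length:]

def sample_packet(sport, dport, payload=b"OPTIONS sip:example SIP/2.0\r\n\r\n"):
    """Constructed IPv4/UDP packet (documentation addresses, not captured traffic)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_checksum(src, dst, udp)) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0) + src + dst
    return ip[:10] + struct.pack("!H", _csum(ip)) + ip[12:] + udp
```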

