How to forward UDP packets to another port and get responses with port translation?

John Nielsen lists at jnielsen.net
Wed Dec 11 00:50:27 UTC 2013


On Dec 2, 2013, at 3:10 PM, Yuri <yuri at rawbw.com> wrote:

> I would like to translate the port in all DNS requests, so that the server works on the different port (ex. 1053) on the same net and the client works on the original port 53.
> 
> I am thinking about two approaches:
> * forward packets into the server:
> ipfw add 200 fwd 192.168.10.1,1053 udp from 192.168.10.0/24 to 192.168.10.1 53
> The problem with routing responses is that natd(8) doesn't allow changing the source port, only the source address. There is an -alias_address option but no -alias_port option.
> 
> * divert and natd(8):
> natd -port 8668 -interface tap0 -redirect_port udp 192.168.10.1:1053 53
> $IPF 200 divert natd udp from 192.168.10.0/24 to 192.168.10.1 53 via tap0 keep-state
> 
> In both cases reply packets have the source port 1053, and it isn't clear how to make it 53.
> It seems that divert only passes to natd(8) packets from one direction, and not from the other.
> 
> Is there a way to properly translate the ports back and forth in such simple UDP communication?

A single nat instance with redirect_port _should_ do what you are asking for; in the above it looks like the responses are bypassing the nat.

Here's an untested off-the-top-of-my head snippet (using libalias rather than natd):

ipfw nat 100 config ip 192.168.10.1 redirect_port udp 192.168.10.1:1053 53
ipfw add 100 nat 100 ip4 from 192.168.10.0/24 to 192.168.10.1 53
ipfw add 200 nat 100 ip4 from 192.168.10.1 1053 to 192.168.10.0/24

Hope that points you in the right direction.

JN
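To make the point of the reply concrete (the forward packet creates the translation state, and the response only gets its source port rewritten back to 53 if it passes through the same nat instance), here is a small Python model of a redirect_port NAT. It is an added example, not code from this thread or from FreeBSD's libalias; the Packet fields, the RedirectPortNat class and the flow table are simplifications, and the addresses are those from the thread.

```python
"""
Toy model of a stateful UDP redirect_port NAT, mirroring
  ipfw nat 100 config ip 192.168.10.1 redirect_port udp 192.168.10.1:1053 53
Forward packets (client -> 192.168.10.1:53) are rewritten to port 1053 and
recorded; replies from 1053 are rewritten back to 53 only for recorded flows,
and only if they are actually handed to the NAT (ipfw rule 200 in the reply).
Added illustration, not libalias; the state table is a simplification.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"


class RedirectPortNat:
    """Models one `ipfw nat` instance with a single udp redirect_port entry."""

    def __init__(self, alias_ip, redirect_ip, redirect_port, public_port):
        self.alias_ip = alias_ip            # address the clients talk to
        self.redirect_ip = redirect_ip      # real server address
        self.redirect_port = redirect_port  # real server port (1053)
        self.public_port = public_port      # port the clients use (53)
        # flow table: (client_ip, client_port) seen on the forward path
        self.flows = set()

    def inbound(self, pkt):
        """Forward direction: rewrite dst port 53 -> 1053 and record the flow."""
        if (pkt.proto == "udp" and pkt.dst == self.alias_ip
                and pkt.dport == self.public_port):
            self.flows.add((pkt.src, pkt.sport))
            return replace(pkt, dst=self.redirect_ip, dport=self.redirect_port)
        return pkt

    def outbound(self, pkt):
        """Reverse direction: rewrite src port 1053 -> 53 for known flows only.
        A packet from 1053 to a client that never sent a query is left alone,
        which is the same behaviour as a reply that bypasses the nat rule."""
        if (pkt.proto == "udp" and pkt.src == self.redirect_ip
                and pkt.sport == self.redirect_port
                and (pkt.dst, pkt.dport) in self.flows):
            return replace(pkt, src=self.alias_ip, sport=self.public_port)
        return pkt


def exchange(nat, client_ip, client_port, responses_through_nat=True):
    """One DNS-style query/response pair through the model.
    responses_through_nat=False reproduces the symptom in the question:
    the reply never hits the nat and keeps source port 1053."""
    query = Packet(client_ip, client_port, "192.168.10.1", 53)
    to_server = nat.inbound(query)
    reply = Packet(to_server.dst, to_server.dport, query.src, query.sport)
    if responses_through_nat:
        reply = nat.outbound(reply)
    return to_server, reply


if __name__ == "__main__":
    nat = RedirectPortNat("192.168.10.1", "192.168.10.1", 1053, 53)
    fwd, back = exchange(nat, "192.168.10.20", 40000)
    print("server sees dst port", fwd.dport, "; client sees src port", back.sport)
    _, leaked = exchange(nat, "192.168.10.21", 40001, responses_through_nat=False)
    print("reply bypassing nat has src port", leaked.sport)
```

The second call shows what the original poster observed: with the reply not routed through the nat instance, the client receives a datagram from port 1053 and its resolver discards it. The two ipfw rules in the reply above are what make both directions reach rule `nat 100`.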


