ipfw/natd/divert question
B Franks
bsf_40 at hotmail.com
Thu Jul 3 10:53:52 PDT 2003
I'd like to come up with a ruleset that handles the following example. Suppose I
have a daemon listening on port 2000 and I'd like outside clients to be able
to communicate with the daemon by addressing traffic to port 2000 or port
2001. So, suppose I have for my natd configuration:
-redirect_port tcp 1.2.3.4:2000 1.2.3.4:2001
And then in my ipfw ruleset, if I use:
add 100 divert natd tcp from any to 1.2.3.4 2001 in via rl0
add 101 divert natd tcp from 1.2.3.4 2000 to any out via rl0
It seems that traffic coming in normally to 1.2.3.4:2000 would enter fine.
And traffic coming into 1.2.3.4:2001 would be diverted to natd which would
rewrite the destination port as 1.2.3.4:2000. So far so good. But my
concern is with the 101 ipfw rule...wouldn't it always rewrite traffic
leaving from 1.2.3.4:2000 as 1.2.3.4:2001? In which case is there a way to
distinguish the outbound divert to only take place if the traffic was
initially diverted on the way in...some sort of divert keep-state?
Thanks for any help or explanations.