When I do this I use 2 ipnat routers between the machines on which I am "twisting" the ports. Unless your destination machines know you've changed the port and are listening, you need a second ipnat box somewhere.
Anyway, for SMB traffic, often there are blocks on port 139 somewhere that cause connections to fail (even on supposedly wide-open pipes), so I use this workaround. Machine A uses Router A as its gateway. Router A changes the port out like you suggest, 540 to 999, and sends it to Router B on some other network; it changes the port back from 999 to 540, the traffic goes out for its intended use, talks to the destination machines, and answers are sent back to Machine A, which appears to be Router B to the world. Don't know if this is even the right thing to do, but it works reliably for me.

| Stef -

> What would be a very nice resolution is for me to be able to put
> a simple rule in ipfilter such that any outgoing packet with a
> destination of 1.2.3.4:540 would be remapped to the unique port
> being used by this one machine (let's say it's 999), and any
> incoming packet from 1.2.3.4:999 would be remapped to make it
> appear as if it was from 1.2.3.4:540. I already have ipfilter
> loaded on the collection machine, but am currently using it only
> for filtering, not NAT.

http://caunter.ca/contact.html
This email is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
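An added ipnat configuration sketch of the two-router arrangement described above; it is not from the original thread or from Stef. The destination 1.2.3.4 and ports 540 and 999 come from the quoted question; the interface names (int0, int1, ext1) and the 10.0.0.0/24 inside network are assumptions.

```conf
# Router A (/etc/ipnat.conf, added example): Machine A's gateway.
# Packets from Machine A enter on the inside interface int0. Rewrite the
# destination port 540 -> 999 before the packet is routed on to Router B.
# Assumed: int0 is Router A's inside interface facing Machine A.
rdr int0 1.2.3.4/32 port 540 -> 1.2.3.4 port 999 tcp

# Router B (/etc/ipnat.conf, added example): the second hop on another network.
# Packets from Router A enter on int1. Change the port back 999 -> 540 so the
# destination host sees an ordinary port-540 connection.
# Assumed: int1 faces Router A, ext1 faces the destination network.
rdr int1 1.2.3.4/32 port 999 -> 1.2.3.4 port 540 tcp

# Source-NAT everything leaving ext1 to Router B's own address, so the
# destination answers Router B ("Machine A appears to be Router B to the
# world"). 0/32 means "use the address of this interface".
# Assumed: 10.0.0.0/24 is the network Machine A lives on.
map ext1 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ext1 10.0.0.0/24 -> 0/32

# Both rdr and map create session entries, so reply packets are translated
# back through each box automatically; no separate "incoming" rule is needed
# for the reverse direction the quoted question asks about.
# Load on each router with:  ipnat -CF -f /etc/ipnat.conf
# (-C removes old rules, -F flushes active sessions, -f reads the file)
```

Verify the translations with `ipnat -l`, which lists the loaded rules and the live session table on each router.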
