I use the following rule on a system to allow a non-root process to look
externally like it is bound to the default HTTPS port (443), while it is
really bound to 1443:

rdr ce0 W.X.Y.Z/32 port 443 -> W.X.Y.Z port 1443

and it works with no problems, so it is definitely workable on the
receiving end. No experience with the sending end, but I imagine that
would be just the same.

Good luck.

                        Bill Knox
                        Lead Operating Systems Programmer/Analyst
                        The MITRE Corporation

On Thu, 5 May 2005, Robert Stampfli wrote:

> Date: Thu, 05 May 2005 00:39:11 -0400 (EDT)
> From: Robert Stampfli <[EMAIL PROTECTED]>
> To: [email protected]
> Subject: Can ipfilter be used to remap TCP ports?
>
> Here's my dilemma in a nutshell:  I have a Sun Sparc machine that
> collects data from several machines across the internet.  The
> data is collected by UUCP over TCP.  One of the machines is
> located somewhere where TCP port 540, the one that UUCP normally
> uses, is blocked somewhere at a router we don't control, so I have
> configured that machine to listen on another port.  Let's call the
> IP address of this machine 1.2.3.4.
>
> The problem arises that the collection machine, which instigates
> all the connections, expects UUCP over TCP to occur on port 540.
> What would be a very nice resolution is for me to be able to put
> a simple rule in ipfilter such that any outgoing packet with a
> destination of 1.2.3.4:540 would be remapped to the unique port
> being used by this one machine (let's say it's 999), and any
> incoming packet from 1.2.3.4:999 would be remapped to make it
> appear as if it was from 1.2.3.4:540.  I already have ipfilter
> loaded on the collection machine, but am currently using it only
> for filtering, not NAT.
>
> This is not really NAT in the traditional sense.  For instance,
> there is no need to retain any connection-oriented history here.
> I have tried various flavors of the rule:
>
> rdr hme0 1.2.3.4/32 port 540 -> 1.2.3.4 port 999 tcp
>
> unfortunately, with no luck.  I'm not even sure I am going about
> this in the right way.
>
> Is there a way to accomplish what I want with ipfilter, and if
> so how should one craft a rule to do it?
>
> As always, thanks in advance for your help and suggestions.
>
> Rob
>
