Hi...

How was your weekend? ^^ I hope you're having a good time.

I'm now making an xdmcp module for netfilter...

In ip_nat_xdmcp,

I'd like to masquerade like this...

I know the source ip and destination(masq server) ip and port..

If the source ip and masq ip & port are matched, I'd like to relay to real destination & port....

It's a tcp connection...

I've tried to do this....but it failed..

In helper of ip_nat_xdmcp module...

After I know the source ip and masq port and real destination & port...,

I registered an expect_related packet using
----------------------------------------------------------------------------------------------

        newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
        /* Expect something from server->client */
        tuple.src.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip;
        tuple.dst.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;

        port = ct_xdmcp_info->port;

        tuple.dst.protonum = IPPROTO_TCP;

        tuple.dst.u.tcp.port = htons(port);

        DEBUGP("%u.%u.%u.%u -> %u.%u.%u.%u :port %u related\n",
                NIPQUAD(tuple.src.ip), NIPQUAD(tuple.dst.ip), port);

        ip_conntrack_expect_related(ct, &tuple, &mask, NULL);
---------------------------------------------------------------------------------------------------

Is it right? It's for "from tuple src ip to tuple dst ip and dst port, TCP connection"

After that...

In xdmcp_nat_expected function...
----------------------------------------------------------------------------------------------------------------

        mr.rangesize = 1;
        /* We don't want to manip the per-protocol, just the IPs... */
        mr.range[0].flags = IP_NAT_RANGE_MAP_IPS;
        mr.range[0].min_ip = mr.range[0].max_ip = newip;

        /* ... unless we're doing a MANIP_DST, in which case, make
           sure we map to the correct port */
        if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_DST) {
                mr.range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
                mr.range[0].min = mr.range[0].max
                        = ((union ip_conntrack_manip_proto)
                        //      { htons(xdmcpinfo->port) });
                                { htons(6002) });
        }
        *verdict = ip_nat_setup_info(ct, &mr, hooknum);
-----------------------------------------------------------------------------------------------------

But it's not working...

Please help me...if you know something..

In short, I'd like to make this work......

If some source ip, any port, tries to connect to the masq ip and a special port (I know it already), forward it to the real dst ip and one port (I know it also)...

----------------               ----------------                ----------------
source ip                      masq ip                         real dst ip
any port          -------->    6099(one port)    --------->    6002(one port)
----------------               ----------------                ----------------

Thanks....
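
The forwarding described in the message (one known source ip, any source port, to the masq ip on port 6099, relayed to the real destination on port 6002), modelled in user space as an added example. It is not the poster's module or netfilter code: the struct and function names are hypothetical and the addresses are constructed; only ports 6099 and 6002 come from the message.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space model, not the kernel's ip_conntrack structures. */
struct tuple {
    uint32_t src_ip, dst_ip;      /* host byte order, for readability */
    uint16_t src_port, dst_port;
    uint8_t  proto;
};
struct expectation {
    struct tuple tuple, mask;     /* a zero mask field means "any value" */
    uint32_t real_ip;             /* where a matching connection is relayed */
    uint16_t real_port;
};
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))
static int masked_eq(uint32_t a, uint32_t b, uint32_t m) { return ((a ^ b) & m) == 0; }

/* 1 if every masked field of t equals the expected tuple. */
int expect_matches(const struct expectation *e, const struct tuple *t)
{
    return masked_eq(t->src_ip, e->tuple.src_ip, e->mask.src_ip) &&
           masked_eq(t->dst_ip, e->tuple.dst_ip, e->mask.dst_ip) &&
           masked_eq(t->src_port, e->tuple.src_port, e->mask.src_port) &&
           masked_eq(t->dst_port, e->tuple.dst_port, e->mask.dst_port) &&
           masked_eq(t->proto, e->tuple.proto, e->mask.proto);
}

/* Destination rewrite for an expected connection; returns 0 and leaves t untouched otherwise. */
int dnat_expected(const struct expectation *e, struct tuple *t)
{
    if (!expect_matches(e, t)) return 0;
    t->dst_ip = e->real_ip;
    t->dst_port = e->real_port;
    return 1;
}

/* Constructed addresses: 192.0.2.10:any -> 198.51.100.1:6099 => 10.0.0.5:6002 */
struct expectation sample_expectation(void)
{
    struct expectation e;
    memset(&e, 0, sizeof e);      /* src_port mask stays 0: any source port */
    e.tuple.src_ip = IP4(192, 0, 2, 10);   e.mask.src_ip = 0xFFFFFFFFu;
    e.tuple.dst_ip = IP4(198, 51, 100, 1); e.mask.dst_ip = 0xFFFFFFFFu;
    e.tuple.dst_port = 6099;               e.mask.dst_port = 0xFFFF;
    e.tuple.proto = 6; /* TCP */           e.mask.proto = 0xFF;
    e.real_ip = IP4(10, 0, 0, 5);          e.real_port = 6002;
    return e;
}
```

Keeping the source-ip mask at all ones is what limits the relay to the one known client; zeroing it would let any host that reaches port 6099 be forwarded to the real destination.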

