I knew this was practically impossible. But technically it is. So I thought maybe someone has a clue about another tool, or some tricky way to do something like this. I personally think that this *should* be a feature in the next version of ipfilter. I mean, a syntax that lets users change both source and destination IPs (and ports of course) with a single command. Like the following, for example:

fxp0 external
fxp1 internal
napt fxp0 from any to fxp0/32 port 20032 -> from fxp1/32 to 10.21.3.1 port 23

-Ali

-----Original Message-----
From: Andrew Kopeyko [mailto:[EMAIL PROTECTED]]
Posted At: Friday, August 16, 2002 2:23 PM
Posted To: IPFilter
Conversation: How can I do this nat?
Subject: RE: How can I do this nat?

On Fri, 16 Aug 2002, Ali (ipfilter) wrote:

> Andrew,
>
> I've read the manuals and FAQ carefully.
>
> RDR changes only the destination IP address/port in the NAT. What I
> want is to also change the source address. This is done with MAP, but
> I want to do both.
>
> Of course the packet is sent from 10.21.3.254 to destination IP
> 10.21.3.1 but RDR doesn't change the source IP address (X.Y.Z.T in my
> example) of the packets.

O! I have misunderstood you.

So, the answer is very short - "seems to be impossible".

IMHO, ipnat can't change source addr AND destination addr of the packet;
only one of them can be altered. Am I right, Darren?

To solve your problem, Ali, you should use some proxies - e.g. 'delegate'
or 'fwtk'

Why can't you set up 'default gateway' on your internal host? In this case
you would be able to use RDR rule.

> -----Original Message-----
> From: Andrew Kopeyko [mailto:[EMAIL PROTECTED]]
> Posted At: Friday, August 16, 2002 11:59 AM
> Posted To: IPFilter
> Conversation: How can I do this nat?
> Subject: Re: How can I do this nat?
>
>
> On Fri, 16 Aug 2002, Ali (ipfilter) wrote:
>
> > Hi all,
> >
> > External interface: A.B.C.D
> > Internal network: 10.21.3.0/24
> > Firewall/router: 10.21.3.254
> > One special host: 10.21.3.1
> >
> > What I want is to allow outside to telnet into my special host thru
> > a different external port (not 23). Let's say 20023. So what I want
> > is to map A.B.C.D:20023 to 10.21.3.1:23
>
> You must use RDR to perform this:
>
> rdr <ifname> A.B.C.D port 20023 -> 10.21.3.1 port 23 tcp
>
> >
> > But when I do this, I also need to 'map' the source address as
> > 10.21.3.254 because the special host cannot answer to IP addresses
> > other than 10.21.3.0/24 network (seems like it doesn't have a
> > default gw).
>
> Connection to your "special host" will be done from 10.21.3.254
> address.
>
> >
> > Shortly, from a given X.Y.Z.T external IP, I need to NAT something
> > like this;
> >
> > X.Y.Z.T -> A.B.C.D:20023 will change as
> > 10.21.3.254:[some nat port] -> 10.21.3.1:23
> >
> > Can I do this?
>
> read man carefully and read FAQ
>
>

--
Best regards,
Andrew Kopeyko <[EMAIL PROTECTED]>
Rambler Co. http://www.rambler.ru/
phone : +7 095 745-3619
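
Added example, not part of the original thread and not ipfilter code: a small Python model of the translation discussed above, showing why a destination-only rewrite leaves the special host unable to reply and what state a combined source and destination rewrite has to keep. The class and function names, the NAT port range and the client port are assumptions; RFC 5737 documentation addresses stand in for A.B.C.D and X.Y.Z.T.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

# Constructed placeholders: documentation addresses replace the thread's A.B.C.D / X.Y.Z.T.
EXT_IP = "192.0.2.1"         # A.B.C.D, external interface
CLIENT_IP = "198.51.100.7"   # X.Y.Z.T, outside client
FW_INSIDE = "10.21.3.254"    # firewall/router inside address
HOST = "10.21.3.1"           # the special host
INSIDE_NET = ipaddress.ip_network("10.21.3.0/24")

class Nat:
    def __init__(self, rewrite_source: bool):
        self.rewrite_source = rewrite_source
        self.next_port = 40000   # assumed NAT port range
        self.state = {}          # (inside src, sport) -> original (src, sport)

    def inbound(self, p: Packet) -> Packet:
        """Translate client -> EXT_IP:20023 into a packet for HOST:23."""
        if (p.dst, p.dport) != (EXT_IP, 20023):
            return p
        src, sport = p.src, p.sport
        if self.rewrite_source:  # the extra step the thread asks for
            src, sport = FW_INSIDE, self.next_port
            self.next_port += 1
        self.state[(src, sport)] = (p.src, p.sport)
        return Packet(src, sport, HOST, 23)

    def outbound(self, p: Packet) -> Optional[Packet]:
        """Reverse-translate a reply from HOST using the state table."""
        orig = self.state.get((p.dst, p.dport))
        return Packet(EXT_IP, 20023, *orig) if orig else None

def host_reply(p: Packet) -> Optional[Packet]:
    """HOST has no default gateway, so it only answers on-link sources."""
    on_link = ipaddress.ip_address(p.src) in INSIDE_NET
    return Packet(p.dst, p.dport, p.src, p.sport) if on_link else None

def round_trip(rewrite_source: bool) -> Optional[Packet]:
    """Return the reply the client receives, or None if HOST cannot answer."""
    nat = Nat(rewrite_source)
    seen = nat.inbound(Packet(CLIENT_IP, 51000, EXT_IP, 20023))
    reply = host_reply(seen)
    return nat.outbound(reply) if reply else None
```

`round_trip(False)` models the rdr-only case and returns `None`; `round_trip(True)` returns the reply as the client sees it, coming from the external address and port 20023.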
