On Thu, 2004-04-15 at 21:50, Darren Reed wrote:
> In some email I received from Steffen Ries, sie wrote:
> > Hi,
> >
> > For a transparent proxy, I want to rdr a set of ports to a single
> > destination port.
> >
> > man -s5 ipnat specifies that the matched port can be in the form portnum
> > "-" portnum. I have not found any documentation of how the range is
> > supposed to work and by trial and error I found that the destination
> > port is an offset to the port I originally specified.
> >
> > E.g. when I specify:
> >
> > rdr dmfe0 0.0.0.0/0 port 4000-5000 -> 127.0.0.1 port 9000 tcp
> >
> > incoming requests on port 4123 are redirected to port 9123, not to port
> > 9000 like I want.
>
> To do what you want, try this:
>
> rdr dmfe0 from any to any port 3999 >< 5001 -> 127.0.0.1 port 9000 tcp

Interesting syntax...

I tried it. The effect is the same, the offset is just off by one (4123
is redirected to 9124 instead of 9123). I have the impression that "><"
does exactly the same as "-".

BTW: I forgot to mention that I'm trying this with 3.4.31. Don't know if
that makes a difference.

I looked at the code; if I'm not misreading ip_nat.c lines 1401-1405,
then I would expect to always get the offset behavior when a port range
is specified.

1394    if (!np->in_pnext)
1395        nport = dport;
1396    else {
1397        /*
1398         * Whilst not optimized for the case where
1399         * pmin == pmax, the gain is not significant.
1400         */
1401        if (np->in_pmin != np->in_pmax) {
1402            nport = ntohs(dport) - ntohs(np->in_pmin) +
1403                    ntohs(np->in_pnext);
1404            nport = ntohs(nport);
1405        } else
1406            nport = np->in_pnext;
1407    }

I can change the code for my application, but I'm wondering what I would
break if I do this.

/steffen
--
Steffen Ries <[EMAIL PROTECTED]>
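
Added example, not part of the original message and not IPFilter code: a stand-alone C model of the arithmetic in the quoted lines 1394-1407, showing which port each rule above yields and how wide a port range the proxy side has to accept under the offset behaviour. The struct, make_rule(), map_port() and listen_max() are hypothetical names; only in_pmin, in_pmax and in_pnext come from the excerpt, and storing the "><" bounds as written (3999 and 5001) is an assumption.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the three rule fields the excerpt reads.
 * Values are held in network byte order, as the excerpt's ntohs() calls imply. */
struct rdr_rule {
    uint16_t in_pmin, in_pmax, in_pnext;
};

/* Build a rule from host-order port numbers (helper name is an assumption). */
static struct rdr_rule make_rule(unsigned pmin, unsigned pmax, unsigned pnext)
{
    struct rdr_rule r = { htons(pmin), htons(pmax), htons(pnext) };
    return r;
}

/* Same decision tree as excerpt lines 1394-1407; takes and returns
 * host-order ports so the results are easy to read. */
static unsigned map_port(const struct rdr_rule *np, unsigned dport_host)
{
    uint16_t dport = htons((uint16_t)dport_host), nport;

    if (!np->in_pnext)
        nport = dport;                      /* no target port: unchanged */
    else if (np->in_pmin != np->in_pmax)    /* range: offset into target */
        nport = htons((uint16_t)(ntohs(dport) - ntohs(np->in_pmin) +
                                 ntohs(np->in_pnext)));
    else
        nport = np->in_pnext;               /* single port: fixed target */
    return ntohs(nport);
}

/* Highest port the redirect target must accept for this rule. */
static unsigned listen_max(const struct rdr_rule *np)
{
    return map_port(np, ntohs(np->in_pmax));
}

int main(void)
{
    struct rdr_rule dash = make_rule(4000, 5000, 9000); /* "port 4000-5000" */
    struct rdr_rule open = make_rule(3999, 5001, 9000); /* bounds as written */

    printf("4000-5000: 4123 -> %u, target range 9000-%u\n",
           map_port(&dash, 4123), listen_max(&dash));
    printf("3999><5001 (assumed pmin=3999): 4123 -> %u\n",
           map_port(&open, 4123));
    return 0;
}
```

With the offset behaviour, a proxy bound only to port 9000 receives just the traffic originally sent to in_pmin; everything else in the range arrives on 9001 and above.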