forward/masquerade UDP traffic for specific port #

Post by Steve Chinatt » Wed, 02 Sep 1998 04:00:00



I have a linux box (Red Hat 5.0, kernel version 2.0.32) that is acting
as an internet gateway using IP masquerading to connect an NT PC to
the internet.  Almost all my applications work fine across this, but I
have one specific application that uses UDP and needs to have its
source port number preserved when the packet is forwarded out to the
internet.  Here's the idea:

<----- internal network ----> | <---- outside world -->
                              |
----+                    +----------+
NT  | A.A.A.A    B.B.B.B |  linux   | C.C.C.C
box |--------------------+   box    +----------> internet
    |                    |          |
----+                    +----------+

I have an application on the NT box that needs to connect via UDP to a
box on the internet.  It uses UDP, and sends over a particular port,
call it "N".  It uses the same port for source and destination, and
the server responds using the same ports.  The problem is that the
server won't respond if the source port on the packet is not equal to
"N", and since IP masquerading alters the source port on the outgoing
packet the application doesn't work (the server ignores it).

If the server were at address "D.D.D.D", then I'd like to see this:

A.A.A.A (port N) -> D.D.D.D (port N)   on local network

Linux box then "masquerades" only the IP address (it preserves the
port number)

C.C.C.C (port N) -> D.D.D.D (port N)   to internet

Server responds to a request with:

D.D.D.D (port N) -> C.C.C.C (port N)   back to linux box

Linux box then forwards to NT box:

D.D.D.D (port N) -> A.A.A.A (port N)   on local network

I think I can get the UDP redirection on the incoming packets working,
but I don't see how I can preserve the port number through the linux
box on the outgoing packets.  This is the only host on the internal
network that will use this port number, so any hard-coding in either
direction is OK.  Can this be done?  If so, how?

I would appreciate it if any replies could get copied to my e-mail
address as well...

Thanks,
Steve Chinatti
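The translation the post asks for, as an added example that is not code from the thread, from ipautofw, or from the Linux masquerading code: a small Python model of a gateway that masquerades every flow the ordinary way (fresh external port per flow) but, for the one hard-coded internal host and port N, keeps the port and rewrites only the address. The addresses are the placeholders from the diagram; the value 5000 for N, the 61000 pool base, and the extra hosts E.E.E.E and A.A.A.B are constructed for the example.

```python
"""Port-preserving UDP masquerade, simulated (added example, not from the
thread). One internal host and port N keep their source port; every other
flow is masqueraded with a fresh external port, as a real gateway must do
to keep flows from different internal hosts apart."""
from dataclasses import dataclass
from typing import Optional

INTERNAL_HOST = "A.A.A.A"   # the NT box (placeholder from the diagram)
GATEWAY_EXT = "C.C.C.C"     # gateway's Internet-facing address
SERVER = "D.D.D.D"          # the UDP server on the Internet
PORT_N = 5000               # the post's port "N" (constructed value)
MASQ_PORT_BASE = 61000      # first port of the masquerade pool (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Gateway:
    """Minimal stateful NAT with one port-preserving exception."""

    def __init__(self, preserve_host: str = INTERNAL_HOST,
                 preserve_port: int = PORT_N):
        self.preserve = (preserve_host, preserve_port)
        # (external port, remote addr, remote port) -> (internal addr, port).
        # Keying on the remote endpoint means a packet to C.C.C.C:N is only
        # forwarded inside if it comes from the host the NT box spoke to.
        self.table: dict = {}
        self.next_port = MASQ_PORT_BASE

    def outbound(self, pkt: Packet) -> Packet:
        if (pkt.src, pkt.sport) == self.preserve:
            ext_port = pkt.sport            # keep port N, rewrite address only
        else:
            ext_port = self.next_port       # ordinary masquerade: fresh port
            self.next_port += 1
        self.table[(ext_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(GATEWAY_EXT, ext_port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        entry = self.table.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None                     # no translation state: drop
        in_addr, in_port = entry
        return Packet(pkt.src, pkt.sport, in_addr, in_port)


def run_exchange() -> list:
    """Replay the four steps from the post; returns all four packets."""
    gw = Gateway()
    p1 = Packet(INTERNAL_HOST, PORT_N, SERVER, PORT_N)   # on local network
    p2 = gw.outbound(p1)                                 # to internet
    p3 = Packet(p2.dst, p2.dport, p2.src, p2.sport)      # server's reply
    p4 = gw.inbound(p3)                                  # back to NT box
    return [p1, p2, p3, p4]


def probe_from_other_host_dropped() -> bool:
    """An unsolicited packet to C.C.C.C:N from a host other than D.D.D.D
    (E.E.E.E is a constructed placeholder) must not reach the NT box."""
    gw = Gateway()
    gw.outbound(Packet(INTERNAL_HOST, PORT_N, SERVER, PORT_N))
    probe = Packet("E.E.E.E", PORT_N, GATEWAY_EXT, PORT_N)
    return gw.inbound(probe) is None


def why_masquerade_rewrites_ports() -> tuple:
    """Two internal hosts (A.A.A.B is constructed) using the same source
    port to the same server need distinct external ports; that is why plain
    masquerading cannot preserve ports in general, only for one hard-coded
    host as the post proposes."""
    gw = Gateway()
    a = gw.outbound(Packet("A.A.A.A", 7777, SERVER, 53))
    b = gw.outbound(Packet("A.A.A.B", 7777, SERVER, 53))
    return a.sport, b.sport


if __name__ == "__main__":
    for step in run_exchange():
        print(f"{step.src}:{step.sport} -> {step.dst}:{step.dport}")
```

The inbound lookup is keyed on the remote endpoint on purpose: it is the model's equivalent of restricting the inbound mapping to D.D.D.D. A static "anything arriving at C.C.C.C:N goes to A.A.A.A:N" mapping would expose the NT box's application to every host on the Internet, not just the server it talks to. On a modern netfilter kernel (not the 2.0 kernel in the thread) the outbound half is a POSTROUTING rule matching `-p udp -s A.A.A.A --sport N` with `-j SNAT --to-source C.C.C.C:N`; connection tracking then un-translates the server's reply by itself, and any DNAT rule added for unsolicited inbound packets should carry `-s D.D.D.D`.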

 
 
 

forward/masquerade UDP traffic for specific port #

Post by Paul Matthew » Wed, 02 Sep 1998 04:00:00


Steve,

You may have already looked at redir and/or ipautofw.  If not, ipautofw is
a kernel option.  I used it for videoconferencing.  You might search for
"ip port forwarding."

Paul Matthews
=================================================================


> I have a linux box (Red Hat 5.0, kernel version 2.0.32) that is acting
> as an internet gateway using IP masquerading to connect an NT PC to
> the internet.  Almost all my applications work fine across this, but I
> have one specific application that uses UDP and needs to have its
> source port number preserved when the packet is forwarded out to the
> internet.  Here's the idea:

> <----- internal network ----> | <---- outside world -->
>                               |
> ----+                    +----------+
> NT  | A.A.A.A    B.B.B.B |  linux   | C.C.C.C
> box |--------------------+   box    +----------> internet
>     |                    |          |
> ----+                    +----------+

> I have an application on the NT box that needs to connect via UDP to a
> box on the internet.  It uses UDP, and sends over a particular port,
> call it "N".  It uses the same port for source and destination, and
> the server responds using the same ports.  The problem is that the
> server won't respond if the source port on the packet is not equal to
> "N", and since IP masquerading alters the source port on the outgoing
> packet the application doesn't work (the server ignores it).

> If the server were at address "D.D.D.D", then I'd like to see this:

> A.A.A.A (port N) -> D.D.D.D (port N)   on local network

> Linux box then "masquerades" only the IP address (it preserves the
> port number)

> C.C.C.C (port N) -> D.D.D.D (port N)   to internet

> Server responds to a request with:

> D.D.D.D (port N) -> C.C.C.C (port N)   back to linux box

> Linux box then forwards to NT box:

> D.D.D.D (port N) -> A.A.A.A (port N)   on local network

> I think I can get the UDP redirection on the incoming packets working,
> but I don't see how I can preserve the port number through the linux
> box on the outgoing packets.  This is the only host on the internal
> network that will use this port number, so any hard-coding in either
> direction is OK.  Can this be done?  If so, how?

> I would appreciate it if any replies could get copied to my e-mail
> address as well...

> Thanks,
> Steve Chinatti



 
 
 

forward/masquerade UDP traffic for specific port #

Post by Noel l Schaef » Tue, 17 Nov 1998 04:00:00




>I have a linux box (Red Hat 5.0, kernel version 2.0.32) that is acting
>as an internet gateway using IP masquerading to connect an NT PC to
>the internet.  Almost all my applications work fine across this, but I
>have one specific application that uses UDP and needs to have its
>source port number preserved when the packet is forwarded out to the
>internet.  Here's the idea:

><----- internal network ----> | <---- outside world -->
>                              |
>----+                    +----------+
>NT  | A.A.A.A    B.B.B.B |  linux   | C.C.C.C
>box |--------------------+   box    +----------> internet
>    |                    |          |
>----+                    +----------+

>I have an application on the NT box that needs to connect via UDP to a
>box on the internet.  It uses UDP, and sends over a particular port,
>call it "N".  It uses the same port for source and destination, and
>the server responds using the same ports.  The problem is that the
>server won't respond if the source port on the packet is not equal to
>"N", and since IP masquerading alters the source port on the outgoing
>packet the application doesn't work (the server ignores it).

>If the server were at address "D.D.D.D", then I'd like to see this:

>A.A.A.A (port N) -> D.D.D.D (port N)   on local network

>Linux box then "masquerades" only the IP address (it preserves the
>port number)

>C.C.C.C (port N) -> D.D.D.D (port N)   to internet

>Server responds to a request with:

>D.D.D.D (port N) -> C.C.C.C (port N)   back to linux box

>Linux box then forwards to NT box:

>D.D.D.D (port N) -> A.A.A.A (port N)   on local network

>I think I can get the UDP redirection on the incoming packets working,
>but I don't see how I can preserve the port number through the linux
>box on the outgoing packets.  This is the only host on the internal
>network that will use this port number, so any hard-coding in either
>direction is OK.  Can this be done?  If so, how?

>I would appreciate it if any replies could get copied to my e-mail
>address as well...

>Thanks,
>Steve Chinatti


No Prob my man !

You need to get "ipautofw.tar.gz".

Yes, you can get it at lots of FTP sites; here are just a few:

ftp.ncu.edu.tw
ftp.grm.se
ftp.up.pt

You get the idea. Look around on those sites and you will find what you need!

 
 
 

Huge UDP traffic from port 1058 to port 3000, what is it?

Hi,
I noticed a great amount of UDP traffic between two hosts flowing in
my office LAN. Recently the LAN performs very badly; I guess this is
a cause too.
I would like to investigate in order to understand what happens. Any
help will be appreciated.

I am not the LAN administrator but I think the guys in charge of it
are not very responsible and generally don't care about what's wrong
or anomalous. I would like to understand what's happening and try
giving good and constructive hints to them so that the system will
go back to working well (as well as it can :-).

Here are the details.

The traffic is of the following kind:
(1) 192.168.xxx.xxx:1058 -> yyy.yyy.yyy.yyy:3000 (UDP)
(2) yyy.yyy.yyy.yyy:3000 -> 192.168.xxx.xxx:1058 (UDP)
And again every 1 second. It goes forever.

Our private LAN uses a hub (it's not switched) and makes use of an
HTTP proxy for connecting to the outside.
192.168.xxx.xxx is in our private LAN but yyy.yyy.yyy.yyy is outside,
and the gateway does not access routing to it from my office host (it
obviously does from yyy.yyy.yyy.yyy, or it is otherwise connected (but
with a bad routing table)).
I have no access to the 192.168.xxx.xxx host but I could (it's simply
in a different room than mine).

The UDP packets are generally small, from 7 to 40 bytes.
Mostly the sequence is :
(1) sends 7 bytes
(2) sends 29 bytes
(1) sends 12 bytes
(2) sends 10 bytes

Port 1058 seems related to "nim" but I don't know what it is and didn't
find much documentation about it. It seems to have something to do
with IBM NIM (?).

MAC address of (2) tells me it's a Surecom product (Surecom has
routers, hubs, switches, adapters ... too many to guess what it is).

Do you have any idea what this traffic is related to?

Packets are small but our non-switched network bounces those packets
everywhere and we have dozens of Win* desktops with poor 10Mbit
ethernet cards :-(
I don't like useless ethernet traffic when the LAN is already so badly
planned. We already have a great amount of useless SMB/NBSS traffic on
the wires.

Thank you in advance,
    Roberto
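A way to put numbers on the pattern described above, as an added example that is not code from the post: a Python script that parses tcpdump's default text output, merges both directions of the 1058/3000 exchange into one conversation, checks whether the bursts recur at a steady period, and sizes each conversation's share of a 10 Mbit/s shared segment, counting the Ethernet header and minimum-frame padding that make a 7-byte payload cost 64 bytes on the wire. The capture lines are constructed (192.168.1.20 and 203.0.113.7 stand in for the post's xxx/yyy hosts, and one NetBIOS name-service broadcast is mixed in as unrelated traffic).

```python
"""Flow summary for a tcpdump text capture (added example, not from the
post): per-conversation packet and byte counts, burst periodicity, and the
share of a shared 10 Mbit/s segment each conversation consumes."""
import re
import statistics
from collections import defaultdict

# Constructed capture in tcpdump's default text format. 192.168.1.20 stands
# in for the internal host, 203.0.113.7 (a documentation address) for the
# outside one; the 7/29/12/10-byte exchange repeats every second as in the
# post. The 137/137 line is an unrelated NetBIOS name-service broadcast.
SAMPLE_CAPTURE = """\
12:00:00.000100 IP 192.168.1.20.1058 > 203.0.113.7.3000: UDP, length 7
12:00:00.001800 IP 203.0.113.7.3000 > 192.168.1.20.1058: UDP, length 29
12:00:00.002300 IP 192.168.1.20.1058 > 203.0.113.7.3000: UDP, length 12
12:00:00.003900 IP 203.0.113.7.3000 > 192.168.1.20.1058: UDP, length 10
12:00:00.500000 IP 192.168.1.31.137 > 192.168.1.255.137: UDP, length 50
12:00:01.000100 IP 192.168.1.20.1058 > 203.0.113.7.3000: UDP, length 7
12:00:01.001800 IP 203.0.113.7.3000 > 192.168.1.20.1058: UDP, length 29
12:00:01.002300 IP 192.168.1.20.1058 > 203.0.113.7.3000: UDP, length 12
12:00:01.003900 IP 203.0.113.7.3000 > 192.168.1.20.1058: UDP, length 10
12:00:02.000100 IP 192.168.1.20.1058 > 203.0.113.7.3000: UDP, length 7
12:00:02.001800 IP 203.0.113.7.3000 > 192.168.1.20.1058: UDP, length 29
12:00:02.002300 IP 192.168.1.20.1058 > 203.0.113.7.3000: UDP, length 12
12:00:02.003900 IP 203.0.113.7.3000 > 192.168.1.20.1058: UDP, length 10
"""

LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > "
    r"(\d+(?:\.\d+){3})\.(\d+): UDP, length (\d+)$"
)


def parse(text):
    """Yield (time_s, src, sport, dst, dport, payload_len) per UDP line;
    lines in any other format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        h, mi, s, src, sport, dst, dport, length = m.groups()
        yield (int(h) * 3600 + int(mi) * 60 + float(s),
               src, int(sport), dst, int(dport), int(length))


def wire_bytes(payload_len):
    """Bytes the frame occupies on Ethernet: 14 Ethernet + 20 IPv4 (no
    options) + 8 UDP headers, padded to the 60-byte minimum, plus 4-byte FCS."""
    return max(14 + 20 + 8 + payload_len, 60) + 4


def burst_starts(times, gap=0.1):
    """First timestamp of each burst, bursts being separated by > gap s."""
    starts = [times[0]]
    for prev, cur in zip(times, times[1:]):
        if cur - prev > gap:
            starts.append(cur)
    return starts


def analyze(text, link_bps=10_000_000):
    """Per conversation (both directions merged under one sorted key)."""
    convs = defaultdict(list)
    for t, src, sport, dst, dport, length in parse(text):
        key = tuple(sorted([(src, sport), (dst, dport)]))
        convs[key].append((t, length))

    report = {}
    for key, pkts in convs.items():
        pkts.sort()
        times = [t for t, _ in pkts]
        starts = burst_starts(times)
        periods = [b - a for a, b in zip(starts, starts[1:])]
        mean_period = statistics.mean(periods) if periods else None
        # "periodic" = at least three bursts whose spacing stays within 10%
        periodic = (len(periods) >= 2 and
                    all(abs(p - mean_period) <= 0.1 * mean_period
                        for p in periods))
        span = times[-1] - times[0]
        wire = sum(wire_bytes(n) for _, n in pkts)
        report[key] = {
            "packets": len(pkts),
            "payload_bytes": sum(n for _, n in pkts),
            "periodic": periodic,
            "period_s": mean_period,
            # fraction of the shared segment's capacity this conversation uses
            "link_share": (wire * 8 / span) / link_bps if span > 0 else None,
        }
    return report


if __name__ == "__main__":
    for key, stats in analyze(SAMPLE_CAPTURE).items():
        print(key, stats)
```

Feed it the output of `tcpdump -n udp` (the default timestamp format is what the regex expects). Because every station on a hub sees every frame, the per-conversation link share is directly the load each desktop's card has to receive; on the constructed sample the 1058/3000 exchange comes out well under 0.1% of a 10 Mbit/s segment, which gives a concrete figure to set beside the SMB/NBSS broadcast volume the post also mentions before deciding which traffic is worth chasing.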
